This is indeed a case in the prediction market that warrants caution.

BITWU.ETH
11 hours ago

🚨 This is indeed a case in the prediction market that is worth being cautious about. As I understand it:

The hybrid architecture of Polymarket has an inherent bug: off-chain state and on-chain state can never be kept completely synchronized.

The attacker used a set of automated scripts, costing less than $0.1 in gas and taking approximately 50 seconds per cycle. The attack method:

1⃣ First, place a normal order using the API, allowing the off-chain system to confirm the match;

2⃣ Almost simultaneously, withdraw wallet funds on-chain using higher Gas, causing settlement failure;

3⃣ The system will forcibly remove all market maker orders involved in this match from the order book, creating an artificial vacuum in the market.

In this way, the attacker can make money in two ways:

1⃣ After repeatedly clearing the market, they can post extremely wide spreads in the artificially created market vacuum; if other users are eager to trade, they will be forced to accept this price.

2⃣ Trick market-making bots into misjudging trades and automatically hedging, then expose the opponent's unilateral positions instantly through a rollback; the attacker can then push the price or trade in the opposite direction, effectively ensuring a stable profit.

There hasn't been a large-scale attack yet, but if it becomes widespread, the depth of the order book will systematically shrink, ultimately harming the platform's competitive edge.

If the architecture cannot be changed, is it possible to introduce measures such as failure penalties or matching margins? @Polymarket
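The "failure penalty" idea raised above can be sketched as a replay over match events. This is an added example, not code from the post or from Polymarket. The event fields, wallet labels, thresholds and the doubling cooldown are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Constructed sample events, not real Polymarket data. Hypothetical fields:
# ts (seconds), taker (wallet whose order was matched off-chain),
# settled (did on-chain settlement succeed), makers (maker orders in the match).
EVENTS = [
    {"ts": 0,   "taker": "0xAAA", "settled": False, "makers": ["m1", "m2"]},
    {"ts": 20,  "taker": "0xBBB", "settled": True,  "makers": ["m3"]},
    {"ts": 50,  "taker": "0xAAA", "settled": False, "makers": ["m1", "m4"]},
    {"ts": 100, "taker": "0xAAA", "settled": False, "makers": ["m2"]},
    {"ts": 130, "taker": "0xCCC", "settled": False, "makers": ["m5"]},
    {"ts": 150, "taker": "0xAAA", "settled": False, "makers": ["m6"]},
    {"ts": 900, "taker": "0xCCC", "settled": False, "makers": ["m5"]},
]

def apply_failure_penalty(events, window_s=300, threshold=3, base_cooldown_s=60):
    """Replay match events; block takers with repeated settlement failures."""
    recent = defaultdict(deque)    # taker -> failure timestamps inside the window
    strikes = defaultdict(int)     # taker -> how many times the threshold was hit
    blocked_until = {}             # taker -> time before which orders are refused
    refused = []                   # (taker, ts) orders rejected before matching
    makers_hit = defaultdict(int)  # taker -> maker orders caught in failed matches
    for ev in sorted(events, key=lambda e: e["ts"]):
        taker, ts = ev["taker"], ev["ts"]
        if ts < blocked_until.get(taker, 0):
            refused.append((taker, ts))   # never reaches the matching engine
            continue
        if ev["settled"]:
            continue
        makers_hit[taker] += len(ev["makers"])
        q = recent[taker]
        q.append(ts)
        while ts - q[0] > window_s:       # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            strikes[taker] += 1           # cooldown doubles on every repeat
            blocked_until[taker] = ts + base_cooldown_s * 2 ** (strikes[taker] - 1)
            q.clear()
    return {"blocked_until": blocked_until, "refused": refused,
            "makers_hit": dict(makers_hit)}

if __name__ == "__main__":
    print(apply_failure_penalty(EVENTS))
```

In the constructed data, the wallet that fails three settlements within the window is refused on its next attempt, while the wallet whose two failures are far apart is left alone.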


