Polymarket hacked, with vulnerabilities in the off-chain and on-chain transaction result synchronization mechanism

ChainCatcher reports that, according to the GoPlus Chinese community, the prediction market platform Polymarket was hacked due to a design flaw in the synchronization mechanism between off-chain and on-chain transaction results in its order system.

The attacker manipulated nonces to cause on-chain matched transactions to be canceled or invalidated before settlement, while off-chain records remained valid, leading to API false positives, affecting trading bots like Negrisk and causing user losses.

The attack process is as follows:

1. The attacker submits or matches large reverse trades with market-making bots on Polymarket’s off-chain order book.
2. The attacker constructs transactions with forged or duplicate nonces or exploits on-chain nonce competition, ensuring the on-chain transaction reverts.
3. Polymarket’s API returns “Trade Successful” to the bot before on-chain confirmation, causing the bot to believe the position has been hedged, while the on-chain state has not yet changed.
4. The attacker then exploits the exposed direction by executing a real on-chain transaction, achieving “risk-free” profit.
5. Since the revert occurs on the blockchain layer, Polymarket’s fees do not explode, making the attack cost manageable and sustainable.

GoPlus recommends users pause automated trading tools, verify on-chain transaction statuses, strengthen wallet security, and closely monitor official Polymarket announcements.
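The recommendation to verify on-chain transaction statuses can be made concrete with a reconciliation check in the bot: a fill counts toward the hedged position only once its transaction receipt shows success with enough confirmations. The sketch below is an added example, not code from Polymarket, GoPlus or any trading bot; the record shapes, field names, sample data and the confirmation threshold are assumptions, and in a live bot the receipts would come from a node query such as `eth_getTransactionReceipt`.

```python
from dataclasses import dataclass

MIN_CONFIRMATIONS = 3  # assumption: the bot's own finality threshold

@dataclass
class ApiFill:      # hypothetical shape of a fill reported by the off-chain API
    order_id: str
    tx_hash: str
    side: str       # "BUY" or "SELL"
    size: float

@dataclass
class Receipt:      # minimal view of an EVM transaction receipt
    status: int     # 1 = success, 0 = reverted
    block_number: int

def classify(fill, receipts, head_block):
    """Decide a fill's state from chain data only, never from the API reply."""
    receipt = receipts.get(fill.tx_hash)
    if receipt is None:
        return "PENDING"            # not mined yet: no position change
    if receipt.status != 1:
        return "REVERTED"           # API said success, chain says otherwise
    if head_block - receipt.block_number + 1 < MIN_CONFIRMATIONS:
        return "PENDING"            # mined but still too shallow to rely on
    return "SETTLED"

def reconcile(fills, receipts, head_block):
    """Return (settled_net, claimed_net, reverted_order_ids)."""
    settled = claimed = 0.0
    reverted = []
    for fill in fills:
        signed = fill.size if fill.side == "BUY" else -fill.size
        claimed += signed
        state = classify(fill, receipts, head_block)
        if state == "SETTLED":
            settled += signed
        elif state == "REVERTED":
            reverted.append(fill.order_id)
    return settled, claimed, reverted

# Constructed sample data: the API reported all three fills as successful.
SAMPLE_FILLS = [
    ApiFill("o1", "0xaaa", "BUY", 500.0),
    ApiFill("o2", "0xbbb", "SELL", 500.0),   # the hedge leg
    ApiFill("o3", "0xccc", "SELL", 200.0),
]
SAMPLE_RECEIPTS = {"0xaaa": Receipt(1, 100), "0xbbb": Receipt(0, 101)}
SAMPLE_HEAD = 105

if __name__ == "__main__":
    print(reconcile(SAMPLE_FILLS, SAMPLE_RECEIPTS, SAMPLE_HEAD))
```

On the sample data the API-claimed net position is -200 while the settled position is +500, and the reverted hedge leg `o2` is the order to alert on before any further quoting.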
