TechFlow news: On February 20, GoPlus monitoring revealed that Polymarket, a prediction market platform, suffered a hacker attack due to a design flaw in its off-chain and on-chain trade result synchronization mechanism within its order system. Attackers manipulated nonces to cause on-chain matched trades to be canceled or invalidated before settlement, while the off-chain records remained valid—leading to API misreporting and disrupting trading behavior of bots such as Negrisk, resulting in user losses.
Attack analysis is as follows:
1. The attacker submitted large-scale reverse trades against market-making bots on Polymarket’s off-chain orderbook.
2. The attacker constructed transactions with forged/duplicated nonces or exploited on-chain nonce race conditions, ensuring the on-chain transactions would inevitably revert.
3. Polymarket’s API returned “trade executed successfully” to the bot before on-chain confirmation, causing the bot to believe its position had been hedged—even though the on-chain state had not yet changed.
4. The attacker then executed legitimate on-chain trades to fill the exposed directional exposure of the bot, thereby profiting “risk-free.”
5. Since reverts occur at the blockchain layer, Polymarket fees do not spike; thus, the attack cost remains controllable and repeatable.
GoPlus recommends users suspend automated trading tools, verify on-chain transaction statuses, enhance wallet security, and closely monitor official Polymarket announcements.
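As an added illustration (not code from the GoPlus report or from Polymarket), the following reconciliation logic shows how a hedging bot can avoid the trap described in steps 3 and 4: a fill reported by the off-chain API is kept as pending, counts as a hedge only once its settlement transaction is confirmed on-chain, and a cluster of reverted fills halts quoting. The transaction hashes, the receipt status convention (1 = success, 0 = reverted) and the halt threshold are constructed assumptions.

```python
from dataclasses import dataclass, field

PENDING, CONFIRMED, REVERTED = "pending", "confirmed", "reverted"


@dataclass
class Fill:
    tx_hash: str
    side: str      # "buy" or "sell" from the bot's perspective
    size: float
    state: str = PENDING


@dataclass
class Reconciler:
    """Settles off-chain fill reports against on-chain receipts."""
    revert_halt_ratio: float = 0.5          # assumed alert threshold
    fills: dict = field(default_factory=dict)

    def report_fill(self, tx_hash: str, side: str, size: float) -> None:
        # An API "trade executed" message is only a claim: keep it pending.
        self.fills[tx_hash] = Fill(tx_hash, side, size)

    def apply_receipt(self, tx_hash: str, status: int) -> None:
        # Assumed EVM-style receipt status: 1 = success, 0 = reverted.
        self.fills[tx_hash].state = CONFIRMED if status == 1 else REVERTED

    def exposure(self, trust_pending: bool) -> float:
        # Net position. A naive bot (trust_pending=True) counts pending
        # fills as hedges; the hardened bot counts confirmed fills only.
        net = 0.0
        for f in self.fills.values():
            if f.state == CONFIRMED or (trust_pending and f.state == PENDING):
                net += f.size if f.side == "buy" else -f.size
        return net

    def should_halt(self) -> bool:
        # Detection: a burst of reverted fills matches the pattern above,
        # so stop quoting instead of re-hedging into the counterparty.
        settled = [f for f in self.fills.values() if f.state != PENDING]
        reverted = sum(f.state == REVERTED for f in settled)
        return bool(settled) and reverted / len(settled) >= self.revert_halt_ratio


def simulate() -> tuple:
    """Constructed scenario: the bot's long is real, the 'hedge' reverts."""
    r = Reconciler()
    r.report_fill("0xaaa", "buy", 100.0)   # constructed tx hash
    r.apply_receipt("0xaaa", 1)            # long confirmed on-chain
    r.report_fill("0xbbb", "sell", 100.0)  # API reports the hedge as executed
    naive = r.exposure(trust_pending=True)  # bot believes it is flat
    r.apply_receipt("0xbbb", 0)            # settlement reverted on-chain
    return naive, r.exposure(trust_pending=False), r.should_halt()
```

Running `simulate()` returns the naive view (flat), the confirmed exposure (still long 100) and the halt decision (true, since half of the settled fills reverted).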