A few cents in gas can wipe out tens of thousands of dollars of resting liquidity; an order-clearing attack threatens the foundation of Polymarket's liquidity.

Summary

  • Attackers exploit the gap between off-chain matching and on-chain settlement on Polymarket, clearing market makers' orders with transactions that cost almost nothing.
  • Method: place an order via the API, then move the wallet's funds out on-chain before the relayer settles; the settlement reverts, but the maker orders it touched are removed from the book anyway.
  • Profit paths: monopolizing a market after clearing it to earn a wider spread, or hunting hedging bots to leave them with naked positions.
  • Cost: less than $0.10 in gas per attack cycle; one flagged address shows profits of $16,427.
  • Impact: forced removal of market maker orders, unreliable fill signals for bots, damage to liquidity.
  • No official response so far; the community has built monitoring tools, but the underlying issue is not resolved.

Author: Frank, PANews

A single on-chain transaction costing less than $0.10 can instantly wipe tens of thousands of dollars of market-making orders from Polymarket's order book. This is not a theoretical deduction but something that is happening right now.

In February 2026, a trader disclosed on social media a new attack method targeting Polymarket market makers. The blogger BuBBliK described it as "elegant and brutal": the attacker pays less than $0.10 in gas on the Polygon network and completes an attack cycle in about 50 seconds. The victims, market makers and automated trading bots with real-money buy and sell orders resting on the order book, take several hits at once: forced removal of their orders, unwanted exposure of their positions, and in some cases direct losses.

PANews examined an attacker's address flagged by the community and found that the account, created in February 2026, had traded in only seven markets yet recorded a total profit of $16,427, with the core profits essentially made within a single day. When a prediction-market leader valued at $9 billion can have its liquidity foundation shaken for a cost of a few cents, what is exposed is far more than a technical vulnerability.

PANews will delve into the technical mechanisms, economic logic, and potential impact of this attack on the prediction market industry.

How the attack works: a precise hunt that exploits the time difference

To understand this attack, it is first necessary to understand Polymarket's trading flow. Unlike most DEXs, Polymarket, pursuing a user experience closer to a centralized exchange, uses a hybrid architecture of off-chain matching plus on-chain settlement. Orders are submitted and matched instantly off-chain; only the resulting trade is submitted by a relayer to the Polygon chain for settlement. This gives users gas-free order placement and near-instant execution, but it also opens a window of several seconds to tens of seconds between the off-chain match and the on-chain settlement, and that window is exactly what the attackers target. The security-relevant detail is that the off-chain balance check is a point-in-time read of on-chain state, not a lock on funds: nothing prevents the balance from changing before the settlement transaction is mined.

The attack logic is not complex. The attacker first places an ordinary buy or sell order via the API. The off-chain system verifies the signature and the balance, both of which check out, and matches the order against other market makers' orders in the book. Almost simultaneously, the attacker submits an on-chain USDC transfer with a very high gas fee that moves the wallet's entire balance out. Because that fee is far above the relayer's default setting, the "draining" transaction is mined first. When the relayer then submits the matched trade to the chain, the attacker's wallet is empty, and the settlement transaction reverts for insufficient funds.

If the story ended there, the only damage would be the relayer's wasted gas. The truly damaging step is what follows: although the settlement reverted on-chain, Polymarket's off-chain system removes every innocent market maker order that was part of the failed match from the order book. In other words, with a transaction that was doomed to fail, the attacker cleared, in one click, buy and sell orders that others had placed with real money.

To use an analogy: it's like someone loudly bidding at an auction, only to turn around and say "I have no money" the moment the hammer falls, but the auction house confiscates all the paddles of all the other legitimate bidders, causing the auction to fail.

The community later discovered an "upgraded version" of the attack, dubbed "Ghost Fills." The attacker no longer needs to win a gas race: after the order is matched off-chain but before it settles on-chain, they call the contract's cancel-all function, which invalidates all of their own outstanding orders at once and produces the same effect. More cunningly still, an attacker can place orders across several markets at the same time, watch how prices move, let the orders that turned out favorable settle normally, and cancel the unfavorable ones this way, which amounts to a free option that only ever pays out.
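The race described above, as an added simulation written for this article; it is not Polymarket's code and does not reproduce its contracts or matching engine. The model keeps the three pieces of state involved (on-chain USDC balances, the resting order book, and the off-chain match that references both), runs both variants of the attack (the drain race and the "Ghost Fills" cancel-all), and compares two settlement-failure policies: "drop_makers", the behaviour the article describes, and "restore_makers", an assumed hardened alternative in which the innocent makers keep their orders and only the taker that reneged is penalized. Names, balances, prices and the policy labels are all constructed for the example.

```python
from dataclasses import dataclass


@dataclass
class Order:
    order_id: str
    owner: str
    side: str     # "buy" or "sell"
    price: float  # USDC per share
    size: int     # shares


@dataclass
class Match:
    taker: Order
    makers: list  # resting maker orders consumed off-chain by this taker
    cost: float   # USDC the taker owes at settlement


class Exchange:
    """Toy hybrid CLOB (assumed model, not Polymarket's code): orders are matched
    off-chain against a balance snapshot; a relayer settles on-chain later."""

    def __init__(self, onchain_balances, failure_policy):
        self.onchain = dict(onchain_balances)  # on-chain USDC, the source of truth
        self.book = {}                          # order_id -> resting maker Order
        self.failure_policy = failure_policy    # "drop_makers" or "restore_makers"
        self.invalidated = set()                # owners who called cancel-all
        self.banned = set()

    def place(self, order):
        self.book[order.order_id] = order

    def match_offchain(self, taker):
        """Off-chain engine: the balance check is a point-in-time read, not a lock."""
        asks = sorted((o for o in self.book.values()
                       if o.side == "sell" and o.price <= taker.price),
                      key=lambda o: o.price)
        filled, cost, remaining = [], 0.0, taker.size
        for ask in asks:
            if remaining < ask.size:          # toy engine only fills whole resting orders
                break
            filled.append(ask)
            cost += ask.size * ask.price
            remaining -= ask.size
        if not filled or cost > self.onchain[taker.owner]:
            return None
        return Match(taker, filled, cost)

    def cancel_all(self, owner):
        """Contract-level cancel-all: every order signed by `owner` becomes invalid."""
        self.invalidated.add(owner)

    def settle_onchain(self, match):
        """Relayer's settlement tx; whatever the attacker front-ran it with is already mined."""
        taker = match.taker.owner
        if taker in self.invalidated or self.onchain[taker] < match.cost:
            self.on_failed_settlement(match)
            return False
        self.onchain[taker] -= match.cost
        for m in match.makers:
            self.onchain[m.owner] += m.size * m.price
            self.book.pop(m.order_id, None)
        return True

    def on_failed_settlement(self, match):
        if self.failure_policy == "drop_makers":
            # Behaviour the article describes: the innocent makers' orders vanish too.
            for m in match.makers:
                self.book.pop(m.order_id, None)
        else:
            # Hardened alternative (assumed): makers keep their orders and only
            # the counterparty that reneged is penalized.
            self.banned.add(match.taker.owner)


def fresh_exchange(failure_policy):
    # Constructed book: two makers quoting 10,000 shares each, attacker funded with 11,000 USDC.
    ex = Exchange({"mm1": 1e6, "mm2": 1e6, "attacker": 11_000.0}, failure_policy)
    ex.place(Order("a1", "mm1", "sell", 0.51, 10_000))
    ex.place(Order("a2", "mm2", "sell", 0.52, 10_000))
    return ex

def _run(ex, taker_id, action):
    match = ex.match_offchain(Order(taker_id, "attacker", "buy", 0.55, 20_000))
    action(ex)                                 # lands on-chain before the relayer's tx
    settled = ex.settle_onchain(match)
    return {"cost": round(match.cost, 2), "settled": settled,
            "book": sorted(ex.book), "banned": sorted(ex.banned)}

def run_honest(failure_policy):
    """Baseline: an ordinary taker whose trade settles normally."""
    return _run(fresh_exchange(failure_policy), "t0", lambda ex: None)

def run_drain_attack(failure_policy):
    """Variant 1: win the gas race with a USDC transfer that empties the wallet."""
    return _run(fresh_exchange(failure_policy), "t1",
                lambda ex: ex.onchain.__setitem__("attacker", 0.0))

def run_ghost_fill(failure_policy):
    """Variant 2 ("Ghost Fills"): no race needed, just cancel-all before settlement."""
    return _run(fresh_exchange(failure_policy), "t2",
                lambda ex: ex.cancel_all("attacker"))
```

Under "drop_makers", both attack variants leave the book empty even though the settlement reverted and the makers never traded; under "restore_makers" the same failed settlement leaves a1 and a2 resting and bans only the attacker, while the honest baseline still settles and clears the book as before. The point of the comparison is that the off-chain engine has to decide who bears a settlement failure, and charging it to the makers is what turns a sub-dime transaction into an order-clearing tool.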

The economics of the attack: a few cents in cost, $16,000 in profit

Beyond directly clearing market maker orders, the same asynchrony between off-chain and on-chain state has been used to hunt automated trading bots. According to monitoring by the GoPlus security team, affected bots include Negrisk, ClawdBots, and MoltBot.

Deleting other people's orders and creating "ghost" fills generates no profit by itself, so how do the attackers make money?

PANews' analysis reveals that the attackers primarily operate through two profit-making paths.

The first strategy is "monopolize the market after clearing it." Normally several market makers compete on the order book of a popular prediction market, and the spread between best bid and best ask is narrow, for example a bid at 49 cents and an ask at 51 cents; market makers earn that 2-cent spread. The attacker repeatedly fires doomed-to-fail trades that forcibly clear all of the competitors' orders, leaving the book empty. The attacker then quotes from their own account with a much wider spread, for example a bid at 40 cents and an ask at 60 cents. Anyone who needs to trade has no better price and must accept it, and the attacker pockets the 20-cent "monopoly spread." The cycle repeats: clear the book, monopolize, profit, clear again.

The second profit path is more direct: "hunting hedging bots." Suppose "Yes" in a market trades at 50 cents. The attacker sends a $10,000 buy order for "Yes" via the API that matches against a market-making bot. Once the off-chain system confirms the match, the API immediately tells the bot "you have sold 20,000 shares of Yes." On that signal the bot, to hedge its risk, immediately buys 20,000 shares of "No" in a related market to lock in its profit. The attacker then makes the $10,000 buy revert on-chain. The bot has in fact sold no "Yes" at all; what it believed was a hedged position is now a naked one-sided bet, 20,000 shares of "No" with no offsetting short to protect it. The attacker then trades against the bot, profiting as it is forced to unwind the unhedged position, or simply arbitrages the resulting price deviation.
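The bot-side accounting of that scenario, as an added example that is not the code of any of the bots named in this article. It models two policies for reacting to the API's fill signal: "on_fill_signal", which books the sale and hedges immediately (the behaviour the attack exploits), and "on_settlement", an assumed hardened policy that keeps the reported fill in a pending set and only hedges once the settlement has confirmed on-chain. Positions are booked in Yes-equivalent shares so the hedge leg (No in a related market, per the article) appears simply as an offset; the 20,000-share fill is the article's own figure, and everything else is constructed.

```python
from dataclasses import dataclass, field


@dataclass
class HedgeBot:
    """Position tracker for a market-making bot (added model, not any real bot's code).
    A perfect hedge means hedge == -position, so exposure() == 0 is flat."""
    hedge_mode: str                 # "on_fill_signal" (naive) or "on_settlement" (hardened)
    position: int = 0               # Yes-equivalent position the bot believes it holds
    hedge: int = 0                  # hedge leg actually bought on another book
    pending: dict = field(default_factory=dict)   # fill_id -> shares sold, not yet settled
    stranded_hedges: int = 0        # hedge shares left naked by a rolled-back fill

    def on_fill_reported(self, fill_id, shares_sold):
        """Off-chain engine reports 'you sold N Yes'. Nothing has settled on-chain yet."""
        self.pending[fill_id] = shares_sold
        if self.hedge_mode == "on_fill_signal":
            self.position -= shares_sold   # trusts the API signal as if it were final
            self.hedge += shares_sold      # and hedges immediately

    def on_settled(self, fill_id):
        """Relayer's settlement tx confirmed: the sale is now real."""
        shares = self.pending.pop(fill_id)
        if self.hedge_mode == "on_settlement":
            self.position -= shares
            self.hedge += shares

    def on_settlement_failed(self, fill_id):
        """Relayer's settlement tx reverted: the sale never happened."""
        shares = self.pending.pop(fill_id)
        if self.hedge_mode == "on_fill_signal":
            self.position += shares        # undo the booked sale ...
            self.stranded_hedges += shares # ... but the hedge leg was really bought

    def exposure(self):
        return self.position + self.hedge

    def unsettled_risk(self):
        """Shares sold off-chain that could still settle and are not hedged yet."""
        if self.hedge_mode == "on_settlement":
            return sum(self.pending.values())
        return 0


def scenario(hedge_mode, settles):
    """Run one reported fill through the bot and return what it is left holding."""
    bot = HedgeBot(hedge_mode)
    bot.on_fill_reported("f1", 20_000)        # attacker's $10,000 buy of Yes at 50 cents
    during_lag = (bot.exposure(), bot.unsettled_risk())
    if settles:
        bot.on_settled("f1")
    else:
        bot.on_settlement_failed("f1")
    return {"during_lag": during_lag, "after": bot.exposure(),
            "stranded": bot.stranded_hedges}
```

With "on_fill_signal" and a reverted settlement the bot ends up 20,000 shares long on the hedge leg with nothing against it, which is the naked position the attacker then trades against. With "on_settlement" the bot stays flat after the revert, but during the settlement lag it carries 20,000 shares of unhedged risk if the fill does settle, so a practical bot using this policy also has to cap the pending notional it will accept from a single counterparty and widen its quotes until that notional clears.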

On the cost side, each attack cycle costs less than $0.10 in Polygon gas and takes roughly 50 seconds, which in theory allows about 72 attacks per hour. One attacker set up a "dual-wallet loop" (alternating between a Cycle A Hub and a Cycle B Hub) to fully automate high-frequency attacks. Hundreds of failed transactions have already been recorded on-chain.

On the revenue side, PANews reviewed an attacker's address flagged by the community. The account, newly registered in February 2026, traded in only seven markets but already netted a total of $16,427, including a single profit of $4,415. The core profit-making activity was concentrated in a very short window: the attacker turned less than $10 of gas into more than $16,000 of profit in a single day. And that is only one flagged address; the actual number of addresses involved and the total profit are likely far larger.

For the affected market makers, the losses are harder to quantify. Traders on Reddit running bots on the BTC 5-minute markets reported losses in the "thousands of dollars." The deeper damage is the opportunity cost of repeated forced order removals and the operational cost of having to rework market-making strategies.

The more pressing issue is that the vulnerability stems from a design flaw in Polymarket's underlying mechanism: a match is treated as binding on the makers before the taker's side has been committed on-chain, and a settlement failure is charged to the makers rather than to the counterparty that reneged. That is not something a quick patch fixes. As the method becomes public, copycat attacks will become more common, further damaging Polymarket's already fragile liquidity.

Community self-help, early warning, and platform silence

As of now, Polymarket has not issued a detailed statement or a fix for the order attack. Some users have said on social media that the bug was reported several times months ago and was consistently ignored. Notably, Polymarket previously chose not to refund users after a governance attack (manipulation of the UMA oracle vote).

With no official action, the community began to build its own defenses. A community developer created an open-source monitoring tool called "Nonce Guard," which watches order cancellations on the Polygon chain in real time, builds a blacklist of attacker addresses, and sends general alerts to trading bots. This is a monitoring patch, not a fix: it can only flag an address after it has attacked, and since the observed attackers use freshly registered accounts and rotate between wallets, a blacklist lags behind them.
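The kind of correlation such a monitor has to do, as an added example written for this article; it is not Nonce Guard's code and assumes nothing about that tool's internals. It walks a constructed event stream (off-chain fill reports, on-chain drains and cancel-alls, and relayer settlement results; none of it real chain data) and counts a strike against an address whenever one of its fills reverted after the address itself drained or cancelled between the off-chain match and the settlement transaction. A reverted settlement with no self-inflicted cause, and a cancel with no pending fill, are deliberately left unflagged, since both happen in honest trading. The event format, threshold and addresses are all assumptions.

```python
from collections import defaultdict

# Constructed sample event stream (not real chain data). Times are unix seconds.
# kind: "fill"   = off-chain match reported by the API for taker `addr`
#       "drain"  = on-chain USDC transfer out by `addr`
#       "cancel" = on-chain cancel-all / nonce bump by `addr`
#       "settle" = relayer settlement tx for `fill_id`, status "ok" or "reverted"
EVENTS = [
    {"t": 1000, "kind": "fill",   "addr": "0xA", "fill_id": "f1"},
    {"t": 1003, "kind": "drain",  "addr": "0xA"},
    {"t": 1012, "kind": "settle", "addr": "0xA", "fill_id": "f1", "status": "reverted"},
    {"t": 1050, "kind": "fill",   "addr": "0xA", "fill_id": "f2"},
    {"t": 1054, "kind": "cancel", "addr": "0xA"},
    {"t": 1061, "kind": "settle", "addr": "0xA", "fill_id": "f2", "status": "reverted"},
    {"t": 1100, "kind": "fill",   "addr": "0xB", "fill_id": "f3"},
    {"t": 1110, "kind": "settle", "addr": "0xB", "fill_id": "f3", "status": "ok"},
    {"t": 1200, "kind": "fill",   "addr": "0xC", "fill_id": "f4"},
    # Reverted, but 0xC took no on-chain action in between: treated as an honest failure.
    {"t": 1209, "kind": "settle", "addr": "0xC", "fill_id": "f4", "status": "reverted"},
    # A cancel-all with no fill pending is ordinary housekeeping, not an attack.
    {"t": 1300, "kind": "cancel", "addr": "0xB"},
]


def score_addresses(events, threshold=2):
    """Strike an address for each fill that reverted after the address itself drained
    or cancelled in the window between the off-chain match and the settlement tx.
    Addresses with `threshold` or more strikes go on the blacklist."""
    open_fills = {}                      # fill_id -> (addr, time the off-chain match was reported)
    self_actions = defaultdict(list)     # addr -> times of its own drain/cancel txs
    strikes = defaultdict(int)
    alerts = []                          # (time, addr, fill_id) for bots to pull quotes on
    for ev in sorted(events, key=lambda e: e["t"]):
        kind = ev["kind"]
        if kind == "fill":
            open_fills[ev["fill_id"]] = (ev["addr"], ev["t"])
        elif kind in ("drain", "cancel"):
            self_actions[ev["addr"]].append(ev["t"])
        elif kind == "settle":
            addr, t_match = open_fills.pop(ev["fill_id"], (ev["addr"], None))
            if ev["status"] != "reverted" or t_match is None:
                continue
            raced = any(t_match <= t_act <= ev["t"] for t_act in self_actions[addr])
            if raced:
                strikes[addr] += 1
                alerts.append((ev["t"], addr, ev["fill_id"]))
    blacklist = sorted(a for a, n in strikes.items() if n >= threshold)
    return {"strikes": dict(strikes), "blacklist": blacklist, "alerts": alerts}
```

On the constructed stream only 0xA is blacklisted, after two reverted fills that each followed its own drain or cancel-all; 0xC's revert produces no strike because nothing the address did caused it. The limitation the article points out is visible in the structure: the first strike can only be issued after the first revert, so a freshly funded wallet always gets at least one free shot, and an attacker alternating between wallets splits their strikes across addresses.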

Compared to other arbitrage methods, the potential impact of this attack method may be more profound.

For market makers, painstakingly maintained order books can be cleared in bulk without warning, destroying the stability and predictability of their market-making strategies and potentially undermining their willingness to continue providing liquidity on Polymarket.

For users running automated trading bots, the transaction signals returned by the API are no longer reliable, while ordinary users may suffer significant losses in trading due to the sudden disappearance of liquidity.

As for the Polymarket platform itself, when market makers dare not place orders and bots dare not hedge, the order book depth will inevitably shrink, further exacerbating this vicious cycle.

Opinions belong to the column author and do not represent PANews.

This content is not investment advice.

Image source: Frank. If there is any infringement, please contact the author for removal.
