Contract Audit Passed, Thermometer Did Not: Polymarket's 'Physical Vulnerability' Moment

marsbitPublished on 2026-04-23Last updated on 2026-04-23

Abstract

According to reports, an individual manipulated temperature sensors at Paris Charles de Gaulle Airport (LFPG) on April 6th and 15th, causing brief, anomalous spikes of over 3°C. These events were allegedly orchestrated to profit from corresponding low-probability bets on the prediction market Polymarket, turning a small investment into approximately $34,000. The French national meteorological service, Météo-France, filed a criminal lawsuit after discovering signs of physical tampering. The attack required minimal technical skill; the perpetrator reportedly used a battery-powered hairdryer to briefly heat the publicly accessible sensor. Polymarket’s market for Paris temperature settles based on the day's highest recorded temperature from a data chain that runs from the physical sensor to Météo-France, to Weather Underground, and finally to its smart contract. In response, Polymarket did not void the profits or make an official statement. It silently changed the data source for its Paris market from LFPG to Le Bourget Airport (LFPB), a location with similarly unprotected sensors. This incident highlights a critical vulnerability: while the smart contracts are audited and secure, the physical data sources feeding them remain exposed and easy to manipulate.

Original Author: Sanqing, Foresight News

According to French media Le Monde, on April 6th and 15th, the meteorological sensors at Paris Charles de Gaulle Airport experienced two anomalies. The temperature surged by more than 3°C within minutes before quickly returning to normal, as if nothing had happened. Behind each anomaly, someone had placed bets on the corresponding low-probability temperature range on Polymarket in advance. From a principal of just tens of dollars, they collectively walked away with approximately $34,000 from these two incidents. The account that placed the first bet was created just two days before the anomaly occurred.

Météo-France subsequently conducted a physical inspection of the sensors and found signs of human intervention. They filed a criminal complaint with the Charles de Gaulle Airport Gendarmerie, with the charge being "interfering with an automated data processing system." According to an analysis in an AR15 forum post, based on Article 323-2 of the French Penal Code, and because Météo-France is a public institution, the related charges could carry a maximum penalty of 7 years imprisonment and a fine of 300,000 euros.

The Technical Sophistication of This Scam Is Approximately Zero

The settlement chain for Polymarket's Paris temperature market is as follows: Physical Sensor → Météo-France → Weather Underground → Polymarket Contract.

On this chain, the smart contract part is audited, data transmission is automated, and Weather Underground's data scraping is real-time. The only weak point is at the very beginning: a thermometer standing by the airport roadside, without fencing, without cameras, accessible to anyone who walks by.

All the attacker needed was a battery-powered heat gun/hairdryer.

Polymarket bases its settlement on the day's maximum temperature. This means that creating one brief temperature peak is enough to rewrite the official record for the day.

Acting in the evening or at night is more ideal, as the daytime high has usually already passed, making subsequent readings more likely to become the new record. Therefore, the suspect chose 7 PM on April 6th and 9:30 PM on April 15th.

The operational procedure was likely: buy the low-probability option in advance, walk to the sensor at night, turn on the heat gun, wait for the reading to cross the target temperature, stop, leave, and wait for on-chain settlement.

The entire operation required no technical skill whatsoever, just some understanding of the settlement mechanism and a willingness to walk to the edge of the airport.

Polymarket's Response: Quietly Swapped the Thermometer

Polymarket has not issued any official statement regarding this incident. The only thing it did was change the settlement data source for the Paris temperature market from Charles de Gaulle Airport (LFPG) to Le Bourget Airport (LFPB).

The profits from the two accounts were not revoked; the market settled normally according to the on-chain records.

The sensor at Le Bourget Airport is also placed outdoors, similarly without physical protection. They changed the address, but the problem remains entirely unchanged.

This is not Polymarket's first controversy. In October 2024, a French trader was accused of manipulating Trump election odds using 4 linked accounts, reportedly profiting $85 million; in March 2025, a whale used 5 million tokens to forcibly push through a UMA governance vote, settling a controversial market with a "Yes" outcome, involving $7 million; in January and March 2026, anomalous bets appeared in markets related to Venezuela and Iran respectively, with the latter already drawing attention from the US Congress...

Previous incidents at least required millions of dollars in capital or governance tokens; this time the cost was just a heat gun.

The Contract Was Audited, The Thermometer Was Not

This story has an absurd sense of humor. A prediction market running on the blockchain, touting decentralization and immutability, was thoroughly exploited twice by a battery-powered heat gun. Cryptography was of no help in this matter because it never verifies whether the input data is real.

Polymarket currently has 173 active weather markets. The settlement basis for most of these markets is a single physical sensor in some location.

When a sensor is used as a meteorological tool, its credibility comes from the fact that no one has a motive to tamper with it. Polymarket gave it a new incentive structure but provided no new physical protection.

The Météo-France thermometer dutifully recorded the temperature it sensed. It just didn't know it had become a financial settlement terminal.

Related Questions

QWhat was the key vulnerability exploited in the Polymarket Paris temperature market incident?

AThe physical vulnerability of the meteorological sensor at Charles de Gaulle Airport, which was unprotected and could be easily manipulated with a simple tool like a battery-powered hairdryer.

QHow did the attackers profit from manipulating the temperature sensor?

AThey placed bets on low-probability temperature ranges on Polymarket just before artificially spiking the temperature, turning a small investment of tens of dollars into approximately $34,000 in profits across two incidents.

QWhat was Polymarket's response to the temperature manipulation incidents?

APolymarket did not issue an official statement or reverse the profits. They silently changed the data source for the Paris temperature market from Charles de Gaulle Airport (LFPG) to Le Bourget Airport (LFPB), which had the same physical vulnerability.

QWhat legal consequences might the perpetrators face according to the article?

AUnder French law, specifically Article 323-2, and because Météo-France is a public institution, the charges for interfering with an automated data processing system could result in up to 7 years in prison and a €300,000 fine.

QWhat does the incident reveal about the limitations of blockchain-based prediction markets like Polymarket?

AIt highlights that while smart contracts are audited and the blockchain is secure, the system remains vulnerable if the real-world data inputs (oracles) are not physically secure and can be easily manipulated, undermining the integrity of the market.

Related Reads

Visualizing Musk's Wealth: $3.6 Million Per Hour, Average Person Needs 11 Million Years of Work

Elon Musk is on the verge of becoming the world's first trillionaire, with a current estimated net worth of $970 billion. This wealth, largely tied to equity in SpaceX and Tesla, translates to him accumulating roughly $992 per second or $3.6 million per hour on average over his 31-year career. His fortune surpasses the annual GDP of over 125 countries and represents about 3% of U.S. GDP, double the relative wealth of historical figures like John D. Rockefeller. For perspective, an average U.S. household earning the median income would need to work over 11 million years to amass a comparable sum. Musk's wealth could buy approximately 2.4 million average American homes, all 32 NFL teams plus every NBA team, or over 10,000 private jets with operating costs. The analysis highlights the staggering scale and concentration of modern wealth, driven by successes in electric vehicles, space exploration, and artificial intelligence.

marsbit6m ago

Visualizing Musk's Wealth: $3.6 Million Per Hour, Average Person Needs 11 Million Years of Work

marsbit6m ago

Both Suffer Massive Losses Exceeding $90 Billion, Which Is in Greater Peril: Strategy or Bitmine?

Facing massive paper losses exceeding $90 billion each amidst a sharp market downturn, "Digital Asset Treasury" (DAT) giants Strategy and Bitmine find themselves in a precarious position, but with different underlying risks. Strategy, heavily invested in Bitcoin (BTC), faces significant financial strain. Its strategy relies heavily on debt, including convertible notes and preferred stock (STRC) requiring substantial dividend payments. With its cash reserves dwindling and BTC offering no staking yield for cash flow, Strategy's high leverage makes it vulnerable. A continued price decline could force asset sales to meet obligations, potentially creating a negative feedback loop. Its market value has already fallen sharply. In contrast, Bitmine, an Ethereum (ETH) holder, appears on firmer financial ground. It primarily funds its purchases through equity offerings (like ATM programs), avoiding debt pressure. It also generates income by staking a large portion of its ETH holdings. While not immune to market drops and shareholder dilution concerns, Bitmine maintains more flexibility, recently announcing a new preferred share offering to raise further capital. The core divergence lies in their financing: Bitmine uses equity (investor money), while Strategy uses debt (borrowed money). Consequently, Bitmine currently faces less immediate liquidity pressure than Strategy, which must navigate the dual challenge of servicing debt/dividends and a declining core asset (BTC) price.

marsbit10m ago

Both Suffer Massive Losses Exceeding $90 Billion, Which Is in Greater Peril: Strategy or Bitmine?

marsbit10m ago

Both Suffer Losses Exceeding $9 Billion, Which Is More at Risk: Strategy or Bitmine?

As Bitcoin and Ethereum prices drop significantly, two major corporate treasury holders, Strategy and Bitmine, are facing massive unrealized losses—approximately $100 billion and $90 billion, respectively. The article compares their financial health and underlying risks. Bitmine, holding over 5.4 million ETH, relies primarily on equity financing (like ATM offerings) and has substantial cash reserves, alongside staking income from its ETH holdings. It plans a $300 million perpetual preferred stock offering. In contrast, Strategy, holding Bitcoin, is burdened by significant convertible debt and preferred stock dividends, with cash reserves covering only about six months of its annual dividend obligations. Strategy's leverage is higher, and it faces potential liquidity pressure if BTC prices fall further, possibly forcing asset sales. While both companies are under pressure, Bitmine’s financial structure appears more resilient, whereas Strategy’s high leverage makes it more vulnerable to continued market declines.

Odaily星球日报14m ago

Both Suffer Losses Exceeding $9 Billion, Which Is More at Risk: Strategy or Bitmine?

Odaily星球日报14m ago

Where the AI Bubble Really Is: Which Layer of Players Are Naked

AI Bubble: Where It Really Is and Who's Swimming Naked This analysis dissects the AI industry not as a single entity but as a five-layer pyramid, arguing that bubbles are concentrated in specific tiers, not uniformly distributed. **Key Distinction from the 2000 Dot-com Bubble:** Unlike 2000, where companies had stock prices before revenue, today's leading AI players have massive, contract-backed revenue driving their valuations. Core infrastructure demand is real, with every GPU running at full capacity for paying customers. **The Five-Layer Pyramid & Bubble Assessment:** * **L0 (Fab/Manufacturing) & Top L4 (Leading AI Apps): NO BUBBLE.** Companies like TSMC, NVIDIA, major cloud providers (Microsoft, Google, Meta, Amazon), and top AI labs have real revenues and orders. Supply is tightly constrained by TSMC's disciplined capacity control and physical limits like power/land for data centers, preventing a supply glut. * **L1 (Memory): BATTLEGROUND.** Sky-high HBM margins could signal a new structural cycle or a classic "boom before bust." The oligopoly of three major players may enforce supply discipline, making this a high-stakes bet. * **L2 (Interconnect/Optical Modules): BUBBLE TERRITORY.** Companies like Lumentum and AAOI have seen stock surges (4-10x) far outpacing revenue growth. This hardware segment has lower physical barriers to expansion than fabs, allowing speculation. It mirrors the 2000 bubble's epicenter—optics. * **L3 (Infrastructure/"GPU Landlords"): VULNERABLE.** GPU leasing companies profit from the current compute shortage but own no long-term moat. Their business model relies on a temporary bottleneck that will ease as big tech expands and new tech (e.g., potential space-based data centers) emerges. * **L4 Long Tail (VC-backed Startups): STRONG BUBBLE SIGNALS.** VC funding concentration in AI is twice that of the 1999 peak. Many startups with little revenue use the valuation logic of successful giants to justify their own, creating high risk of a "valuation crunch" when funding dries up. **Critical Risks to Monitor:** 1. **GPU Depreciation & Accounting:** Companies extending the assumed useful life of GPUs artificially boost profits. The true economic life depends on future generational leaps from NVIDIA. 2. **"GPU Credit" & Off-Balance-Sheet Leverage:** Emerging structures where shell companies borrow to buy GPUs and lease them out (with chipmakers sometimes investing) move debt off major balance sheets. This echoes the "vendor financing" of 2000 and the securitization risks of 2008, though currently small-scale. 3. **TSMC Abandoning Caution:** If the primary supply bottleneck (TSMC's conservative capacity planning) breaks, runaway supply could trigger a bust. 4. **Algorithmic Efficiency Breakthrough:** A major leap in software efficiency could drastically reduce the need for raw compute hardware, undermining the investment thesis. **Conclusion:** The AI boom is expensive and has frothy areas, but its core is underpinned by real demand and physical supply constraints. The bubble risk is layered: most present in optical components, GPU leasing, and the long-tail startup ecosystem, while the foundational chip manufacturing and leading application layers remain relatively solid—for now.

marsbit22m ago

Where the AI Bubble Really Is: Which Layer of Players Are Naked

marsbit22m ago

Bitcoin's Decline Marks the Metamorphosis of Crypto

Bitcoin's decline signifies a structural transformation within the crypto industry. Its two traditional core functions are being usurped: AI has absorbed speculative capital that once flowed into Bitcoin, while dollar stablecoins have replaced it as the foundational on-chain currency. This decoupling is not a sign of crypto's demise but of its maturation. Projects are now valued based on fundamentals like revenue and user growth, independent of Bitcoin's price movements. Examples include the on-chain exchange Hyperliquid, with transaction volumes surpassing Coinbase, and the prediction market Polymarket, valued at $200 billion. Privacy has emerged as a critical new sector, with assets like Zcash surging and protocols like NEAR enabling private, cross-chain transfers without requiring users to hold a new token. The landscape is shifting toward a multi-chain ecosystem anchored by stablecoins. A new layer of infrastructure for cross-chain coordination, privacy, and AI-agent interaction is emerging to connect this fragmented world, a role once implicitly held by Bitcoin. The era where all altcoins moved in lockstep with Bitcoin is over. The industry's health should now be gauged by project fundamentals and the underlying infrastructure enabling private, dollar-settled, and interconnected crypto-economy.

marsbit30m ago

Bitcoin's Decline Marks the Metamorphosis of Crypto

marsbit30m ago

Trading

Spot
Futures
活动图片