Author: Frank, PANews
Original Title: Less Than 10 Cents Collapses Millions in Liquidity, Order Attacks May Empty Polymarket's Liquidity Foundation
A single on-chain transaction costing less than $0.10 can instantly wipe out market-making orders worth tens of thousands of dollars from Polymarket's order book. This is not a theoretical scenario but a reality that is currently unfolding.
In February 2026, a user disclosed a new type of attack targeting Polymarket's market makers on social media. Blogger BuBBliK described it as "elegant & brutal" because the attacker only needs to pay less than $0.10 in Gas fees on the Polygon network to complete an attack cycle in about 50 seconds. The victims—market makers and automated trading bots who have placed buy and sell orders with real money—face multiple blows: forced order removal, passive exposure of positions, and even direct losses.
PANews reviewed an attacker address flagged by the community and found that the account was registered in February 2026, participated in only 7 markets, but has already recorded a total profit of $16,427, with the core gains made essentially within a single day. When the liquidity foundation of a prediction market leader valued at $9 billion can be leveraged at a cost of a few cents, this exposes far more than just a technical vulnerability.
PANews will delve into the technical mechanisms, economic logic, and potential impact of this attack on the prediction market industry.
How the Attack Happens: A Precision Hunt Exploiting a "Time Gap"
To understand this attack, one must first understand Polymarket's trading process. Unlike most DEXs, Polymarket uses a hybrid architecture of "off-chain matching + on-chain settlement" to pursue a user experience close to that of centralized exchanges. User order placement and matching are completed instantly off-chain, and only the final fund settlement is submitted to the Polygon chain for execution. This design allows users to enjoy zero-Gas order placement and second-level execution, but it also creates a "time gap" of a few seconds to over ten seconds between off-chain and on-chain processes. The attacker precisely targets this window.
The attack logic is not complex. The attacker first places a buy or sell order normally via the API. At this time, the off-chain system verifies the signature and balance without issue and matches it with other market makers' orders on the order book. But almost simultaneously, the attacker initiates an on-chain USDC transfer with an extremely high Gas fee, transferring all the funds out of the wallet. Because the Gas fee is much higher than the platform relayer's default settings, this "draining" transaction is confirmed by the network first. When the relayer subsequently submits the matching result to the chain, the attacker's wallet is already empty, and the transaction fails and rolls back due to insufficient balance.
If the story ended here, it would only waste a bit of the relayer's Gas fee. But the truly fatal step is this: although the transaction fails on-chain, Polymarket's off-chain system will forcibly remove all the innocent market maker orders that participated in this failed matching from the order book. In other words, the attacker uses a transaction destined to fail to "one-click clear" the buy and sell orders placed by others with real money.
To use an analogy: It's like shouting a high bid at an auction, then turning around at the moment the hammer falls and saying "I have no money," but the auction house confiscates all the bidding paddles of the other normal bidders, causing the auction to fail.
It is worth noting that the community later discovered an "upgraded version" of this attack, named "Ghost Fills." The attacker no longer needs to front-run the transfer but directly calls the "cancel all orders" function on the contract after the order is matched off-chain and before on-chain settlement, instantly invalidating their own order to achieve the same effect. More cunningly, the attacker can place orders in multiple markets simultaneously, observe the price trend, then only keep the favorable orders to execute normally and use this method to cancel the unfavorable ones, essentially creating a "win-only" free option.
Attack "Economics": A Few Cents in Cost, $16,000 in Profit
Beyond directly clearing market maker orders, this state desynchronization between off-chain and on-chain is also used to hunt automated trading bots. According to monitoring by the GoPlus security team, affected bots include Negrisk, ClawdBots, MoltBot, and others.
Clearing other traders' orders and creating "ghost fills" do not, by themselves, generate profit for the attacker. So how is the money actually made?
PANews found that the attacker's profit paths mainly follow two routes.
The first is "monopolizing market making after clearing the field." Under normal circumstances, the order book of a popular prediction market has multiple market makers competing to place orders. The spread between the best bid and ask is usually narrow, for example, bids at 49 cents and asks at 51 cents, with market makers earning a thin margin from the 2-cent spread. The attacker repeatedly initiates "doomed-to-fail transactions" to forcibly clear all these competitors' orders. The market then becomes a vacuum. The attacker immediately places their own buy and sell orders but with a significantly widened spread, for example, bids at 40 cents and asks at 60 cents. Other users needing to trade, having no better quotes, are forced to accept this price, allowing the attacker to profit from the 20-cent "monopoly spread." This mode cycles: clear the field, monopolize, profit, clear again.
The second profit path is more direct: "hunting hedging bots." A concrete example illustrates this: Suppose the price of "Yes" in a certain market is 50 cents. The attacker places a $10,000 "Yes" buy order to a market-making bot via the API. After the off-chain system confirms the match, the API immediately tells the bot, "You have sold 20,000 shares of Yes." Upon receiving the signal, the bot, to hedge risk, immediately buys 20,000 shares of "No" in another related market to lock in profits. But then, the attacker causes that $10,000 buy order to fail and roll back on-chain, meaning the bot actually never sold any "Yes." The hedge position it thought it had now becomes a naked one-sided bet, holding only 20,000 shares of "No" without the corresponding short position to protect it. The attacker then trades in the market for real, profiting from the bot being forced to sell these unprotected positions or directly arbitraging from the market price shift.
On the cost side, each attack cycle only requires paying less than $0.10 in Gas fees on the Polygon network. Each cycle takes about 50 seconds, theoretically allowing about 72 executions per hour. One attacker set up a "dual-wallet cycling system" (Cycle A Hub and Cycle B Hub operating alternately), achieving fully automated high-frequency attacks. Hundreds of failed transactions have been recorded on-chain.
On the profit side, an attacker address flagged by the community and reviewed by PANews shows that the account was newly registered in February 2026, participated in only 7 markets, but has already realized a total profit of $16,427, with the largest single profit reaching $4,415. Core profit-making activities were concentrated within an extremely short time window. That is, the attacker used a total cost of possibly less than $10 in Gas to leverage over $16,000 in profit in a single day. And this is just one flagged address; the actual number of addresses involved in the attack and the total profit may be far greater.
For the victimized market makers, the losses are more difficult to quantify. A trader running a BTC 5-minute market bot on Reddit stated losses reached "thousands of dollars." The deeper damage lies in the opportunity cost of frequently forced order removal and the operational overhead of being forced to adjust market-making strategies.
A thornier problem is that this vulnerability is an issue with the underlying mechanism design of Polymarket and cannot be fixed in the short term. As this attack method becomes public, similar attacks will become more common, further damaging Polymarket's already fragile liquidity.
Community Self-Help, Warnings, and the Platform's Silence
As of now, Polymarket has not officially released a detailed statement or fix for this order attack. Some users have stated on social media that this bug was reported multiple times months ago but was consistently ignored. It is worth mentioning that Polymarket previously chose to refuse refunds when facing the "governance attack" (UMA Oracle vote manipulation) incident.
With no official action, the community began to find its own solutions. A community developer voluntarily created an open-source monitoring tool called "Nonce Guard." This tool can monitor order cancellation operations on the Polygon chain in real-time, build a blacklist of attacker addresses, and provide general warning signals for trading bots. However, this solution is essentially a monitoring-enhanced patch and cannot fundamentally solve this type of problem.
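To make the mechanism described above concrete (a settlement that reverts on-chain leading the off-chain book to drop every maker order that took part in the match) and to show what a Nonce Guard-style defence changes, here is an added simulation that is not Polymarket's code nor the Nonce Guard tool. The order book, the orders, the `FAIL_THRESHOLD` value and the attacker address are all constructed for illustration; the hardened policy (keep maker orders, penalise and eventually flag only the address whose settlement failed) is this editor's sketch, not an announced fix.

```python
from collections import defaultdict
from dataclasses import dataclass, field

FAIL_THRESHOLD = 3  # assumed: failed settlements before an address is flagged


@dataclass
class Order:
    oid: str
    owner: str
    side: str    # "buy" or "sell"
    price: int   # cents per share
    size: int


@dataclass
class Book:
    orders: dict = field(default_factory=dict)
    failures: dict = field(default_factory=lambda: defaultdict(int))
    flagged: set = field(default_factory=set)

    def match(self, taker):
        """Off-chain matching: resting orders on the opposite side that cross the taker's price."""
        opp = "sell" if taker.side == "buy" else "buy"
        ok = (lambda o: o.price <= taker.price) if taker.side == "buy" else (lambda o: o.price >= taker.price)
        return [o for o in self.orders.values() if o.side == opp and ok(o)]

    def on_settlement_failure(self, taker, makers, harden):
        """Relayer reports the on-chain settlement reverted (taker funds gone or orders cancelled)."""
        if not harden:
            # Policy the article describes: every maker order in the failed match is dropped,
            # so a transaction that could never settle clears the makers' real liquidity.
            for m in makers:
                self.orders.pop(m.oid, None)
            return "makers_cleared"
        # Hardened policy: makers keep their resting orders; only the taker whose settlement
        # failed is counted, and repeat offenders are flagged (a Nonce Guard-style blacklist).
        self.failures[taker.owner] += 1
        if self.failures[taker.owner] >= FAIL_THRESHOLD:
            self.flagged.add(taker.owner)
        return "taker_penalised"


def run_scenario(harden):
    """Constructed scenario: three makers quote 49/50/51c, one taker fails settlement 3 times."""
    book = Book()
    for i, p in enumerate((49, 50, 51)):
        book.orders[f"m{i}"] = Order(f"m{i}", f"maker{i}", "sell", p, 1000)
    taker = Order("t1", "0xATTACKER_PLACEHOLDER", "buy", 52, 3000)
    outcomes = [book.on_settlement_failure(taker, book.match(taker), harden) for _ in range(3)]
    return len(book.orders), outcomes, taker.owner in book.flagged
```

Under the vulnerable policy the three maker orders are gone after the first failed settlement and the attacker is never recorded; under the hardened policy all three orders survive and the address is flagged after the third failure.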
Compared to other arbitrage methods, the potential impact of this attack method could be more far-reaching.
For market makers, the hard-maintained orders can be batch-cleared without warning, completely destroying the stability and predictability of market-making strategies. This may directly shake their willingness to continue providing liquidity on Polymarket.
For users running automated trading bots, the fill signals returned by the API are no longer trustworthy. Ordinary users trading may suffer significant losses due to instantly disappearing liquidity.
For the Polymarket platform itself, when market makers dare not place orders and bots dare not hedge, the order book depth will inevitably shrink, and this vicious cycle will further intensify.