Contract Audit Passed, Thermometer Did Not: Polymarket's 'Physical Vulnerability' Moment

marsbit | Published 2026-04-23 | Updated 2026-04-23

Introduction

According to reports, an individual manipulated temperature sensors at Paris Charles de Gaulle Airport (LFPG) on April 6th and 15th, causing brief, anomalous spikes of over 3°C. These events were allegedly orchestrated to profit from corresponding low-probability bets on the prediction market Polymarket, turning a small investment into approximately $34,000. The French national meteorological service, Météo-France, filed a criminal lawsuit after discovering signs of physical tampering. The attack required minimal technical skill; the perpetrator reportedly used a battery-powered hairdryer to briefly heat the publicly accessible sensor. Polymarket’s market for Paris temperature settles based on the day's highest recorded temperature from a data chain that runs from the physical sensor to Météo-France, to Weather Underground, and finally to its smart contract. In response, Polymarket did not void the profits or make an official statement. It silently changed the data source for its Paris market from LFPG to Le Bourget Airport (LFPB), a location with similarly unprotected sensors. This incident highlights a critical vulnerability: while the smart contracts are audited and secure, the physical data sources feeding them remain exposed and easy to manipulate.

Original Author: Sanqing, Foresight News

According to French media Le Monde, on April 6th and 15th, the meteorological sensors at Paris Charles de Gaulle Airport experienced two anomalies. The temperature surged by more than 3°C within minutes before quickly returning to normal, as if nothing had happened. Behind each anomaly, someone had placed bets on the corresponding low-probability temperature range on Polymarket in advance. From a principal of just tens of dollars, they collectively walked away with approximately $34,000 from these two incidents. The account that placed the first bet was created just two days before the anomaly occurred.

Météo-France subsequently conducted a physical inspection of the sensors and found signs of human intervention. They filed a criminal complaint with the Charles de Gaulle Airport Gendarmerie, with the charge being "interfering with an automated data processing system." According to an analysis in an AR15 forum post, based on Article 323-2 of the French Penal Code, and because Météo-France is a public institution, the related charges could carry a maximum penalty of 7 years imprisonment and a fine of 300,000 euros.

The Technical Sophistication of This Scam Is Approximately Zero

The settlement chain for Polymarket's Paris temperature market is as follows: Physical Sensor → Météo-France → Weather Underground → Polymarket Contract.

On this chain, the smart contract part is audited, data transmission is automated, and Weather Underground's data scraping is real-time. The only weak point is at the very beginning: a thermometer standing by the airport roadside, without fencing, without cameras, accessible to anyone who walks by.

All the attacker needed was a battery-powered heat gun/hairdryer.

Polymarket bases its settlement on the day's maximum temperature. This means that creating one brief temperature peak is enough to rewrite the official record for the day.
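
An added example (not part of the original article, and not Polymarket's or Météo-France's code) of why settling on a raw daily maximum is fragile: it flags readings that jump by the reported 3°C and revert within an assumed 15-minute window, then compares the plain maximum with the maximum once those readings are excluded. The readings, the window length and the hold-for-review policy are constructed assumptions.

```python
from datetime import datetime, timedelta

RISE_C = 3.0                    # article: jumps of "more than 3°C"
WINDOW = timedelta(minutes=15)  # assumed reading of "within minutes"

# Constructed readings for one day (local time, °C); not real station data.
RAW = [("15:00", 18.0), ("16:00", 17.6), ("17:00", 17.0), ("18:00", 16.4),
       ("18:50", 16.0), ("18:55", 16.1), ("19:00", 19.6), ("19:05", 19.8),
       ("19:10", 16.2), ("19:15", 15.9), ("20:00", 15.5)]

def parse(raw, day="2026-04-06"):
    return [(datetime.strptime(f"{day} {hhmm}", "%Y-%m-%d %H:%M"), temp)
            for hhmm, temp in raw]

def transient_spikes(readings, rise=RISE_C, window=WINDOW):
    """Indices of readings that sit >= `rise` above both a reading shortly
    before and a reading shortly after: a jump that reverts within `window`."""
    flagged = []
    for i, (t, temp) in enumerate(readings):
        before = [v for (u, v) in readings[:i] if t - u <= window]
        after = [v for (u, v) in readings[i + 1:] if u - t <= window]
        if before and after and temp - min(before) >= rise and temp - min(after) >= rise:
            flagged.append(i)
    return flagged

def settlement_report(readings):
    """Compare the plain daily maximum with the maximum after excluding
    flagged excursions; a mismatch means the high rests on suspect data."""
    flagged = set(transient_spikes(readings))
    naive_max = max(temp for _, temp in readings)
    kept = [temp for i, (_, temp) in enumerate(readings) if i not in flagged]
    filtered_max = max(kept)
    return {
        "naive_max": naive_max,
        "filtered_max": filtered_max,
        "flagged_times": [readings[i][0].strftime("%H:%M") for i in sorted(flagged)],
        "hold_for_review": naive_max != filtered_max,
    }

if __name__ == "__main__":
    print(settlement_report(parse(RAW)))
```

A flag here is a reason to hold settlement and cross-check the reading, not proof of tampering; the thresholds would need tuning against the station's normal variability.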

Acting in the evening or at night is more ideal, as the daytime high has usually already passed, making subsequent readings more likely to become the new record. Therefore, the suspect chose 7 PM on April 6th and 9:30 PM on April 15th.

The operational procedure was likely: buy the low-probability option in advance, walk to the sensor at night, turn on the heat gun, wait for the reading to cross the target temperature, stop, leave, and wait for on-chain settlement.

The entire operation required no technical skill whatsoever, just some understanding of the settlement mechanism and a willingness to walk to the edge of the airport.

Polymarket's Response: Quietly Swapped the Thermometer

Polymarket has not issued any official statement regarding this incident. The only thing it did was change the settlement data source for the Paris temperature market from Charles de Gaulle Airport (LFPG) to Le Bourget Airport (LFPB).

The profits from the two accounts were not revoked; the market settled normally according to the on-chain records.

The sensor at Le Bourget Airport is also placed outdoors, similarly without physical protection. They changed the address, but the problem remains entirely unchanged.

This is not Polymarket's first controversy. In October 2024, a French trader was accused of manipulating Trump election odds using 4 linked accounts, reportedly profiting $85 million; in March 2025, a whale used 5 million tokens to forcibly push through a UMA governance vote, settling a controversial market with a "Yes" outcome, involving $7 million; in January and March 2026, anomalous bets appeared in markets related to Venezuela and Iran respectively, with the latter already drawing attention from the US Congress...

Previous incidents at least required millions of dollars in capital or governance tokens; this time the cost was just a heat gun.

The Contract Was Audited, The Thermometer Was Not

This story has an absurd sense of humor. A prediction market running on the blockchain, touting decentralization and immutability, was thoroughly exploited twice by a battery-powered heat gun. Cryptography was of no help in this matter because it never verifies whether the input data is real.

Polymarket currently has 173 active weather markets. The settlement basis for most of these markets is a single physical sensor in some location.

When a sensor is used as a meteorological tool, its credibility comes from the fact that no one has a motive to tamper with it. Polymarket gave it a new incentive structure but provided no new physical protection.

The Météo-France thermometer dutifully recorded the temperature it sensed. It just didn't know it had become a financial settlement terminal.

Related Questions

Q: What was the key vulnerability exploited in the Polymarket Paris temperature market incident?

A: The physical vulnerability of the meteorological sensor at Charles de Gaulle Airport, which was unprotected and could be easily manipulated with a simple tool like a battery-powered hairdryer.

Q: How did the attackers profit from manipulating the temperature sensor?

A: They placed bets on low-probability temperature ranges on Polymarket just before artificially spiking the temperature, turning a small investment of tens of dollars into approximately $34,000 in profits across two incidents.

Q: What was Polymarket's response to the temperature manipulation incidents?

A: Polymarket did not issue an official statement or reverse the profits. They silently changed the data source for the Paris temperature market from Charles de Gaulle Airport (LFPG) to Le Bourget Airport (LFPB), which had the same physical vulnerability.

Q: What legal consequences might the perpetrators face according to the article?

A: Under French law, specifically Article 323-2, and because Météo-France is a public institution, the charges for interfering with an automated data processing system could result in up to 7 years in prison and a €300,000 fine.

Q: What does the incident reveal about the limitations of blockchain-based prediction markets like Polymarket?

A: It highlights that while smart contracts are audited and the blockchain is secure, the system remains vulnerable if the real-world data inputs (oracles) are not physically secure and can be easily manipulated, undermining the integrity of the market.
