A transaction of $0.1 can cause Polymarket market makers to lose everything
Author: Frank, PANews
An on-chain transaction costing less than $0.1 can instantly wipe out market-making orders worth tens of thousands of dollars from Polymarket's order book. This is not a theoretical deduction, but a reality that is happening.
In February 2026, a player disclosed a new type of attack against Polymarket market makers on social media. Blogger BuBBliK described it as "elegant & brutal," because the attacker only needs to pay less than $0.1 in Gas fees on the Polygon network to complete an attack cycle in about 50 seconds. The victims, those market makers and automated trading bots placing real money buy and sell orders on the order book, face multiple blows including forced removal of orders, passive exposure of positions, and even direct losses.
PANews reviewed an attacker address marked by the community and found that the account was registered in February 2026, participated in trades on only 7 markets, yet recorded a total profit of $16,427, with core profits completed in less than a day. When a prediction market leader valued at $9 billion can have its liquidity foundation shaken by a few cents, it reveals far more than just a technical flaw.
PANews will delve into the technical mechanisms, economic logic, and potential impacts of this attack on the prediction market industry.
How the Attack Occurs: A Precise Hunt Utilizing "Time Difference"
To understand this attack, one must first grasp Polymarket's trading process. Unlike most DEXs, Polymarket adopts a hybrid architecture of "off-chain matching + on-chain settlement" to pursue a user experience close to centralized exchanges. Users place orders and match them off-chain instantly, with only the final fund settlement submitted to the Polygon chain for execution. This design allows users to enjoy gas-free order placement and instant transactions, but it also creates a "time difference" of a few seconds to over ten seconds between the off-chain match and its on-chain settlement, which the attacker targets.
The logic of the attack is not complicated. The attacker first places a normal buy or sell order through the API, and at this point, the off-chain system verifies that the signature and balance are fine, so it matches with other market makers' orders on the order book. However, almost simultaneously, the attacker initiates a USDC transfer on-chain with an extremely high Gas fee, draining all the money from their wallet. Since the Gas fee is much higher than the default settings of the platform's relayer, this "draining" transaction gets confirmed by the network first. By the time the relayer submits the matching result on-chain, the attacker's wallet is already empty, and the transaction fails and rolls back due to insufficient balance.
If the story ended here, it would just be a waste of a little of the relayer's Gas fee. But the truly fatal step is that although the transaction fails on-chain, Polymarket's off-chain system forcibly removes all innocent market maker orders involved in this failed match from the order book. In other words, the attacker uses a transaction destined to fail to "one-click clear" the buy and sell orders that others have placed with real money.
To put it in an analogy: it's like loudly bidding at an auction, and at the moment the hammer falls, turning around and saying "I have no money," but the auction house confiscates all the paddles of other normal bidders, leading to the auction failing.
It is worth noting that the community later discovered an "upgraded version" of this attack, named "Ghost Fills." The attacker no longer needs to rush the transfer but directly calls the "cancel all orders" function on the contract after the order is matched off-chain and before on-chain settlement, making their orders instantly invalid, achieving the same effect. More cunningly, the attacker can place orders in multiple markets simultaneously, observe price trends, and only keep favorable orders for normal execution, canceling unfavorable ones using this method, essentially creating a "win without loss" free option.
The "Economics" of the Attack: A Few Cents Cost, $16,000 Profit
In addition to directly clearing market maker orders, this off-chain and on-chain state desynchronization is also used to hunt automated trading bots. According to monitoring by the GoPlus security team, affected bots include Negrisk, ClawdBots, MoltBot, and others.
The attacker's clearing of others' orders and creating "ghost fills" does not directly generate profit, so how is the money actually made?
PANews found that the attacker's profit path mainly has two routes.
The first is "monopolizing market making after clearing." Under normal circumstances, a popular prediction market's order book will have multiple market makers competing for orders, with the spread between the best buy and sell prices usually very narrow, for example, a buy order at $0.49 and a sell order at $0.51, with market makers earning a small profit from the $0.02 spread. The attacker repeatedly initiates "destined to fail transactions," forcibly clearing all these competing orders. At this point, the order book becomes a vacuum, and the attacker immediately places buy and sell orders with their account, but the spread is significantly widened, for example, a buy order at $0.40 and a sell order at $0.60. Other users needing to trade, without better quotes, have no choice but to accept this price, and the attacker profits from this $0.20 "monopoly spread." This model repeats: clear, monopolize, profit, and then clear again.
The second profit path is more direct, which is "hunting hedging bots." To illustrate with a specific example: suppose the price of "Yes" in a market is $0.50, and the attacker places a $10,000 "Yes" buy order through the API to a market-making bot. After the off-chain system confirms the match, the API immediately tells the bot, "You have sold 20,000 shares of Yes." After receiving the signal, the bot, to hedge its risk, immediately buys 20,000 shares of "No" in another related market to lock in profits. But then, the attacker causes that $10,000 buy order to fail and roll back on-chain, meaning the bot actually did not sell any "Yes" at all. The position it believed was hedged now becomes a naked one-sided bet: it holds only 20,000 shares of "No" without a corresponding short position to protect it. The attacker can then trade in the market, profiting from the bot being forced to sell these unprotected positions or directly arbitraging from the price deviation.
From the cost perspective, each attack cycle requires less than $0.1 in Gas fees on the Polygon network, with each cycle taking about 50 seconds, theoretically allowing for about 72 executions per hour. One attacker set up a "dual wallet cycle system" (Cycle A Hub and Cycle B Hub operating alternately), achieving fully automated high-frequency attacks. Hundreds of failed transactions have already been recorded on-chain.
From the profit perspective, a community-marked attacker address reviewed by PANews shows that the account was newly registered in February 2026, participated in only 7 markets, yet achieved a total profit of $16,427, with the maximum single profit reaching $4,415, and core profit activities concentrated in a very short time window. In other words, the attacker leveraged a total Gas cost of possibly less than $10 to generate over $16,000 in profit within a day. And this is just one marked address; the actual addresses involved in the attack and total profit amounts may be much higher.
For the affected market makers, the losses are even harder to quantify. Traders operating BTC 5-minute market bots in the Reddit community reported losses of "thousands of dollars." The deeper harm lies in the opportunity costs from frequently being forced to remove orders and the operational expenses from having to adjust market-making strategies.
The more challenging issue is that this vulnerability is a problem with Polymarket's underlying mechanism design, which cannot be fixed in the short term. As this attack method becomes public, similar attacks will become more common, further damaging Polymarket's already fragile liquidity.
Community Self-Help, Warnings, and Platform Silence
As of now, Polymarket has not released a detailed statement or repair plan regarding this order attack, and some users have stated on social media that this bug had been reported multiple times months ago, but no one paid attention. It is worth mentioning that previously, Polymarket chose to refuse refunds when faced with a "governance attack" (UMA Oracle voting manipulation) incident.
In the absence of official action, the community began to find its own solutions. A community developer spontaneously created an open-source monitoring tool called "Nonce Guard," which can monitor order cancellation operations on the Polygon chain in real-time, build a blacklist of attacker addresses, and provide general warning signals for trading bots. However, this solution essentially serves as a patch for enhanced monitoring and does not fundamentally resolve such issues.
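A bot-side guard against the off-chain/on-chain desynchronization described above, as an added example that is not part of the original article and is not Polymarket or Nonce Guard code: it treats an off-chain match as provisional, releases hedge size only after on-chain settlement is confirmed, and flags counterparties whose matches repeatedly fail to settle. Event names, fields, addresses and the failure threshold are assumptions constructed for this sketch.

```python
from collections import defaultdict
from dataclasses import dataclass

# Hypothetical event model: field names and statuses are assumptions for this
# sketch, not Polymarket's API schema.
@dataclass
class Fill:
    fill_id: str
    counterparty: str
    shares: int
    status: str = "MATCHED"  # MATCHED -> CONFIRMED | FAILED

class SettlementGate:
    """Release hedge size only for fills whose settlement succeeded on-chain."""
    def __init__(self, fail_threshold=2):
        self.fills = {}
        self.failures = defaultdict(int)  # counterparty -> failed settlements
        self.fail_threshold = fail_threshold
        self.hedged_shares = 0

    def on_match(self, fill_id, counterparty, shares):
        # Off-chain match notice: record it, but do not hedge yet.
        self.fills[fill_id] = Fill(fill_id, counterparty, shares)

    def on_settlement(self, fill_id, success):
        fill = self.fills.get(fill_id)
        if fill is None or fill.status != "MATCHED":
            return 0  # unknown or already-resolved fill: nothing to hedge
        if success:
            fill.status = "CONFIRMED"
            self.hedged_shares += fill.shares
            return fill.shares  # size the caller may now hedge
        fill.status = "FAILED"
        self.failures[fill.counterparty] += 1
        return 0

    def flagged(self):
        # Counterparties whose matches failed at least fail_threshold times.
        return sorted(a for a, n in self.failures.items() if n >= self.fail_threshold)

    def unconfirmed_exposure(self):
        return sum(f.shares for f in self.fills.values() if f.status == "MATCHED")

# Constructed sample feed; addresses are placeholders. The 20,000-share fills
# mirror the article's $10,000 order at $0.50.
EVENTS = [
    ("match", "f1", "0xAAA", 20000), ("settle", "f1", False),
    ("match", "f2", "0xBBB", 500),   ("settle", "f2", True),
    ("match", "f3", "0xAAA", 20000), ("settle", "f3", False),
    ("match", "f4", "0xCCC", 300),   # still awaiting settlement
]

def replay(events, gate=None):
    gate = gate or SettlementGate()
    for kind, *args in events:
        (gate.on_match if kind == "match" else gate.on_settlement)(*args)
    return gate
```

A bot that hedged on every match notice in this feed would have bought 40,800 shares of cover against 500 shares actually sold; the cost of the gate is that hedges lag by the settlement delay.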
Compared to other arbitrage methods, the potential impact of this attack method may be even more profound.
For market makers, the hard-earned orders can be cleared in bulk without warning, and the stability and predictability of market-making strategies are completely lost, which may directly undermine their willingness to continue providing liquidity on Polymarket.
For users operating automated trading bots, the transaction signals returned by the API are no longer trustworthy, while ordinary users may suffer significant losses due to suddenly disappearing liquidity during trading.
For the Polymarket platform itself, when market makers are reluctant to place orders and bots are hesitant to hedge, the depth of the order book will inevitably shrink, further exacerbating this deteriorating cycle.