Polymarket Hacked Due to Sync Vulnerability

Published by The Daily Scout

What happened

DeFi prediction market Polymarket suffered a hack that exploited flaws in its off-chain and on-chain transaction synchronization. Attackers were able to leverage the gap between transaction states to steal user funds. The incident highlights the persistent security risks at the boundary between off-chain systems and on-chain logic.

Why it matters

- The exploit specifically targeted automated trading bots, such as one named Negrisk, by manipulating transaction nonces. This created a scenario where a trade appeared successful off-chain to the bot, but was designed to fail on-chain.
- Attackers achieved this by submitting large opposing trades against the bots in the off-chain order book. They would then execute a genuine on-chain trade to profit from the bot's now-exposed position.
- Because the malicious transactions were reverted at the chain layer, the attack was cost-effective for the hacker as it did not incur significant fees on Polymarket.
- In response to the incident, security firm GoPlus advised users to suspend the use of automated trading tools and to always verify transaction statuses on-chain.
- This incident follows other recent security issues for the platform, including a phishing campaign in its comment sections that led to over $500,000 in user losses in November 2025.
- In December 2025, a vulnerability in the third-party login service Magic Labs was exploited to drain user accounts, bypassing two-factor authentication.
- Additionally, a Telegram-based trading bot for Polymarket called Polycule was hacked in January 2026, resulting in the theft of approximately $230,000 from its users.
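As an added example (not code from the article, GoPlus or Polymarket), the Python below shows one way a trading bot could follow the advice to verify transaction statuses on-chain: a fill reported by the off-chain order book stays pending until an on-chain receipt confirms it, and reverted fills never count toward the position. All names, the confirmation threshold and the sample data are constructed assumptions.

```python
from dataclasses import dataclass

PENDING, SETTLED, FAILED = "pending", "settled", "failed"
MIN_CONFIRMATIONS = 3  # assumed threshold; tune to the chain's finality

@dataclass
class Fill:
    order_id: str
    tx_hash: str
    signed_size: int      # + bought / - sold, in shares
    state: str = PENDING  # an off-chain match is only a claim until confirmed

def reconcile(fills, receipts, head_block):
    """Promote or reject fills using on-chain receipts only.

    receipts maps tx_hash -> {"status": 1 or 0, "block": int}, modelled on an
    EVM transaction receipt (status 0 means the transaction reverted).
    """
    for f in fills:
        r = receipts.get(f.tx_hash)
        if f.state != PENDING or r is None:
            continue                      # no receipt yet: stay pending
        if r["status"] == 0:
            f.state = FAILED              # matched off-chain, reverted on-chain
        elif head_block - r["block"] + 1 >= MIN_CONFIRMATIONS:
            f.state = SETTLED
    return fills

def settled_position(fills):
    return sum(f.signed_size for f in fills if f.state == SETTLED)

def unconfirmed_size(fills):
    return sum(abs(f.signed_size) for f in fills if f.state == PENDING)

def may_trade(fills, max_unconfirmed):
    """Gate follow-up orders while too much size is known only off-chain."""
    return unconfirmed_size(fills) <= max_unconfirmed

def demo():
    # Constructed sample data: hashes, sizes and block numbers are made up.
    fills = [Fill("A", "0xaaa", 100), Fill("B", "0xbbb", -500), Fill("C", "0xccc", 50)]
    receipts = {"0xaaa": {"status": 1, "block": 100},
                "0xbbb": {"status": 0, "block": 101}}  # large opposing trade reverted
    naive = sum(f.signed_size for f in fills)           # what the off-chain view implies
    reconcile(fills, receipts, head_block=102)
    return naive, settled_position(fills), [f.state for f in fills], may_trade(fills, 25)

if __name__ == "__main__":
    print(demo())
```

In the sample, the off-chain view implies a position of -350 shares while the on-chain-confirmed position is +100, and the bot holds further orders because 50 shares remain unconfirmed.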
