Polymarket Hacked Due to Sync Vulnerability

DeFi prediction market Polymarket suffered a hack that exploited flaws in its off-chain and on-chain transaction synchronization. Attackers were able to leverage the gap between transaction states to steal user funds. The incident highlights the persistent security risks at the boundary between off-chain systems and on-chain logic.

- The exploit specifically targeted automated trading bots, such as one named Negrisk, by manipulating transaction nonces. This created a scenario where a trade appeared successful off-chain to the bot, but was designed to fail on-chain.
- Attackers achieved this by submitting large opposing trades against the bots in the off-chain order book. They would then execute a genuine on-chain trade to profit from the bot's now-exposed position.
- Because the malicious transactions were reverted at the chain layer, the attack was cost-effective for the hacker as it did not incur significant fees on Polymarket.
- In response to the incident, security firm GoPlus advised users to suspend the use of automated trading tools and to always verify transaction statuses on-chain.
- This incident follows other recent security issues for the platform, including a phishing campaign in its comment sections that led to over $500,000 in user losses in November 2025.
- In December 2025, a vulnerability in the third-party login service Magic Labs was exploited to drain user accounts, bypassing two-factor authentication.
- Additionally, a Telegram-based trading bot for Polymarket called Polycule was hacked in January 2026, resulting in the theft of approximately $230,000 from its users.
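
As an added example (not from the article, Polymarket or GoPlus), one way a bot can apply the advice to verify transaction status on-chain is to count a fill toward its position only once the transaction receipt shows success. The receipt fields follow the standard Ethereum JSON-RPC receipt format; the `Fill` fields, the confirmation threshold and the sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass

MIN_CONFIRMATIONS = 3  # assumed policy value, not taken from the article


@dataclass(frozen=True)
class Fill:
    """A match reported by the off-chain order book (hypothetical fields)."""
    order_id: str
    tx_hash: str
    side: str  # "buy" or "sell"
    size: int


def classify(fill, receipts, head_block):
    """Return 'settled', 'reverted' or 'pending' for one off-chain fill."""
    receipt = receipts.get(fill.tx_hash)
    if receipt is None:                      # not mined yet, or never broadcast
        return "pending"
    if int(receipt["status"], 16) != 1:      # "0x0" means the tx reverted
        return "reverted"
    depth = head_block - int(receipt["blockNumber"], 16) + 1
    return "settled" if depth >= MIN_CONFIRMATIONS else "pending"


def reconcile(fills, receipts, head_block):
    """Net position from settled fills only, plus a per-state report."""
    position = 0
    report = {"settled": [], "reverted": [], "pending": []}
    for fill in fills:
        state = classify(fill, receipts, head_block)
        report[state].append(fill.order_id)
        if state == "settled":
            position += fill.size if fill.side == "buy" else -fill.size
    return position, report


# Constructed sample: the order book reports three matches, but only one
# of them actually succeeded on-chain.
FILLS = [
    Fill("o1", "0xaa", "buy", 100),
    Fill("o2", "0xbb", "sell", 500),   # matched off-chain, reverted on-chain
    Fill("o3", "0xcc", "buy", 40),     # no receipt available yet
]
RECEIPTS = {
    "0xaa": {"status": "0x1", "blockNumber": "0x64"},
    "0xbb": {"status": "0x0", "blockNumber": "0x65"},
}
HEAD_BLOCK = 0x68

if __name__ == "__main__":
    print(reconcile(FILLS, RECEIPTS, HEAD_BLOCK))
```

A bot that trusted the off-chain matches in this sample would believe it holds a net position of -360; the reconciled position is 100, and the reverted order `o2` is surfaced for handling instead of being hedged against.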
