Polymarket Hacked Due to Off-Chain and On-Chain Sync Vulnerability

According to GoPlus Chinese Community, the prediction market platform Polymarket suffered a cyberattack due to a design flaw in its off-chain and on-chain trade settlement synchronization mechanism. The attacker manipulated nonces to cancel or invalidate on-chain matched trades before settlement, while off-chain records remained valid, causing API misreporting and affecting trading bots such as Negrisk, resulting in user losses. The attack process is analyzed as follows: 1. The attacker submitted or matched large opposite trades against market-making bots on Polymarket’s off-chain order book. 2. The attacker constructed transactions with forged or duplicate nonces, or exploited on-chain nonce competition, ensuring that on-chain transactions would inevitably revert. 3. Polymarket’s API returned a “trade executed” confirmation to bots before on-chain confirmation, leading bots to believe positions were hedged, while the actual on-chain state remained unchanged. 4. The attacker then executed genuine on-chain trades to fill the exposed direction of the bots, achieving “risk-free” profits. 5. Since reverts occurred at the chain layer, Polymarket’s fees did not spike, making the attack cost-effective and repeatable. GoPlus recommends users suspend automated trading tools, verify on-chain transaction statuses, enhance wallet security, and closely monitor official Polymarket announcements.