GoPlus: Polymarket Hacked, Off-Chain and On-Chain Transaction Result Synchronization Mechanism Has Flaws

robot
Abstract generation in progress

Deep Tide TechFlow News, February 20 — According to the GoPlus Chinese community, the prediction market platform Polymarket was hacked due to a design flaw in the synchronization mechanism between off-chain and on-chain transaction results in its order system. The attacker manipulated nonces to cause on-chain matched transactions to be canceled or invalidated before settlement, while off-chain records remained valid, leading to API false reports, affecting trading bots like Negrisk, and resulting in user losses.

The attack process is analyzed as follows:

  1. The attacker submits/matches large reverse trades with a market-making bot on Polymarket’s off-chain order book.

  2. The attacker constructs transactions with forged/repeated nonces or exploits on-chain nonce competition, causing on-chain transactions to inevitably revert.

  3. Polymarket API returns “Trade Successful” to the bot before on-chain confirmation, leading the bot to believe positions are hedged, while the on-chain state has not yet changed.

  4. The attacker then exploits the exposed direction of the bot with real on-chain transactions, achieving “risk-free” profit.

  5. Since the revert occurs at the blockchain layer, Polymarket fees do not explode, making the attack cost manageable and sustainable.

GoPlus recommends users pause automated trading tools, verify on-chain transaction statuses, strengthen wallet security, and closely monitor official Polymarket announcements.

View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • Comment
  • Repost
  • Share
Comment
0/400
No comments
  • Pin

Trade Crypto Anywhere Anytime
qrCode
Scan to download Gate App
Community
English
  • 简体中文
  • English
  • Tiếng Việt
  • 繁體中文
  • Español
  • Русский
  • Français (Afrique)
  • Português (Portugal)
  • Bahasa Indonesia
  • 日本語
  • بالعربية
  • Українська
  • Português (Brasil)