A $0.1 transaction can cause Polymarket market makers to lose everything.

Author: Frank, PANews

An on-chain transaction costing less than $0.10 can instantly wipe out market-making orders worth tens of thousands of dollars from Polymarket’s order book. This is not just a theoretical scenario; it’s happening in reality.

In February 2026, a user disclosed a new attack method targeting Polymarket market makers on social media. Blogger BuBBliK described it as “elegant & brutal,” because the attacker only needs to pay less than $0.10 in Gas fees on the Polygon network to complete an attack cycle in about 50 seconds. Meanwhile, victims—market makers and automated trading bots posting real buy and sell orders—face forced order removals, exposed positions, or even direct losses.

PANews examined a community-flagged attacker address that was registered in February 2026. It participated in only 7 markets but has already recorded a total profit of $16,427, mostly realized within a day. When a leading prediction market with a valuation of $9 billion can have its liquidity foundation shaken by just a few cents in costs, it reveals far more than just a technical vulnerability.

PANews will analyze the technical mechanics of this attack, its economic logic, and its potential impact on the prediction market industry.

How the Attack Happens: A Precise “Time-Delay” Kill Shot

To understand this attack, first, we need to grasp Polymarket’s trading process. Unlike most DEXs, Polymarket aims to provide a user experience similar to centralized exchanges by adopting a “off-chain matching + on-chain settlement” hybrid architecture. Users place orders and matching occurs instantly off-chain, with only final fund transfers submitted to the Polygon chain for execution. This design offers zero-Gas limit orders and second-level transaction speeds but creates a “time gap” of a few seconds to over ten seconds between off-chain and on-chain states. Attackers exploit this window.

The attack logic is straightforward. The attacker first places a buy or sell order via API normally. The off-chain system verifies signatures and balances without issue, then matches it with other market makers’ orders on the order book. Almost simultaneously, the attacker initiates an on-chain transaction with very high Gas fees to transfer all funds out of their wallet. Because the Gas cost far exceeds the platform’s relay default settings, this “drain” transaction gets confirmed first. When the relay submits the matching result on-chain afterward, the attacker’s wallet is already empty, causing the transaction to fail and rollback due to insufficient funds.

If it ended here, it would just be a waste of relay Gas fees. But the real damage comes from the fact that, although the on-chain transaction fails, Polymarket’s off-chain system forcibly removes all the innocent market maker orders involved in that failed match from the order book. In other words, with a single doomed transaction, the attacker clears all genuine buy and sell orders posted with real money.

A good analogy is shouting bids at an auction, then suddenly claiming “I have no money” at the hammer drop, while the auction house confiscates all other legitimate bidders’ paddles, causing the auction to fail.

Notably, the community later discovered an “upgraded” version of this attack called “Ghost Fills.” Instead of racing to transfer funds, the attacker, after off-chain matching but before on-chain settlement, directly calls a contract’s “cancel all orders” function to instantly invalidate their orders, achieving the same effect. Smarter still, the attacker can place orders across multiple markets, observe price movements, and only keep profitable orders while canceling unprofitable ones—effectively creating a “risk-free option” with no cost.

Economic Mechanics of the Attack: A Few Cents for $16,000+

Besides clearing market maker orders directly, this off-chain/on-chain state mismatch is also used to hunt automated trading bots. According to the GoPlus security team, affected bots include Negrisk, ClawdBots, MoltBot, among others.

While removing others’ orders and creating “ghost fills” doesn’t directly generate profit, how does the attacker make money?

PANews found that the attacker’s profit mainly comes from two paths.

First, “Market Monopoly Post-Cleaning.” Normally, a popular prediction market’s order book has multiple market makers competing with narrow spreads—say, buy at 49 cents, sell at 51 cents, earning a few cents per trade. The attacker repeatedly initiates “doomed” transactions to forcibly clear competitors’ orders. Once the order book is empty, the attacker posts their own orders, but with a much wider spread—say, buy at 40 cents, sell at 60 cents. Other traders, lacking better quotes, must accept these prices, allowing the attacker to profit from the 20-cent “monopoly spread.” This cycle repeats: clear, monopolize, profit, then clear again.

Second, a more direct profit route is “Hunting Hedge Bots.” For example, suppose the “Yes” price in a market is 50 cents. The attacker places a $10,000 “Yes” buy order via API. After off-chain matching confirms, the API immediately signals to a market-making bot that it has sold 20,000 “Yes” shares. To hedge, the bot quickly buys 20,000 “No” shares in another related market to lock in profit. But then, the attacker causes that $10,000 buy order to fail and rollback on-chain, meaning the bot never actually sold “Yes.” Its supposed hedge position becomes a naked bet, holding 20,000 “No” shares without the corresponding short. The attacker can then trade on the real market, exploiting the bot’s forced liquidation of unhedged positions or arbitraging price shifts.

Each attack cycle costs less than $0.10 in Gas on Polygon, takes about 50 seconds, and theoretically can be executed around 72 times per hour. An attacker set up a “dual-wallet cycle system” (Cycle A Hub and Cycle B Hub alternating) to automate high-frequency attacks. Hundreds of failed transactions are already recorded on-chain.

On the profit side, a community-flagged address registered in February 2026 has only participated in 7 markets but has already netted $16,427, with a maximum single-profit of $4,415. Most profits are concentrated in a very short window. In other words, with less than $10 in Gas costs, the attacker has leveraged over $16,000 in profit within a day. And this is just one flagged address; the actual number of attacker addresses and total gains could be much higher.

For the affected market makers, losses are even harder to quantify. Reddit traders running BTC 5-minute market bots report losses “in the thousands of dollars.” The deeper damage lies in opportunity costs and operational overhead from frequent forced order removals and strategy adjustments.

More troubling is that this vulnerability stems from fundamental design flaws in Polymarket’s architecture, which cannot be fixed quickly. As this attack method becomes public, similar exploits are likely to become more widespread, further undermining Polymarket’s already fragile liquidity.

Community Self-Help, Warnings, and Platform Silence

So far, Polymarket has not issued a detailed statement or fix for this order attack. Some users on social media say the bug was reported multiple times months ago but was ignored. Notably, Polymarket previously refused to refund after a “governance attack” involving UMA Oracle voting manipulation.

In the absence of official action, the community has started to develop solutions. A community developer created an open-source monitoring tool called “Nonce Guard,” which can track order cancellations on Polygon, build a blacklist of attacker addresses, and provide generic alerts for trading bots. However, this is essentially a patch for better monitoring and does not fundamentally resolve the underlying issue.

Compared to other arbitrage methods, this attack could have more profound impacts.

For market makers, their carefully maintained orders can be wiped out en masse without warning, destroying the stability and predictability of their strategies—potentially discouraging liquidity provision on Polymarket.

For users running automated trading bots, API signals become unreliable, and ordinary traders may suffer significant losses due to sudden liquidity disappearance.

For the platform itself, when market makers hesitate to post orders and bots avoid hedging, the order book depth will inevitably shrink, creating a vicious cycle of deteriorating liquidity.