Less Than 1 Cent to Crush Millions in Liquidity: Order Attack May Hollow Out Polymarket's Liquidity Foundation

PANews
Guest columnist
2026-02-26 05:42
AI Summary
  • Core Insight: Polymarket's prediction market harbors a design flaw within its "off-chain matching + on-chain settlement" hybrid architecture. This allows attackers to exploit the time gap between on-chain and off-chain state synchronization, forcibly removing market maker orders at an extremely low cost. This enables them to monopolize spreads or profit by hunting hedging bots, severely threatening the platform's liquidity foundation.
  • Key Elements:
    1. Attack Mechanism: Attackers place orders via API and then quickly transfer funds on-chain (or cancel orders), causing the on-chain settlement to fail due to insufficient balance. However, the off-chain system still forcibly removes all market maker orders that participated in that matching round.
    2. Primary Profit Paths: First, after clearing competitor orders, placing orders with a monopolistic wide spread to profit. Second, tricking hedging bots into establishing incorrect hedge positions, then arbitraging through market price shifts.
    3. Cost & Profit: Each attack cycle costs less than $0.1 in Gas fees. A flagged attacker address profited over $16,000 across 7 markets in a single day, so the cost is negligible relative to the profit.
    4. Impact Scope: Affected parties include automated trading bots like Negrisk. Market makers face multiple blows: direct losses, opportunity costs, and strategy failure.
    5. Platform Response: Polymarket has not yet issued a detailed statement or fix. The vulnerability stems from the underlying design, making it difficult to eradicate in the short term. The community has already begun developing monitoring tools for early warnings.
    6. Industry Impact: The continued existence of this vulnerability will deter participation from market makers and bots, leading to a contraction in order book depth and potentially triggering a negative cycle of worsening liquidity.

An on-chain transaction costing less than $0.1 can instantly wipe out market-making orders worth tens of thousands of dollars from Polymarket's order book. This is not a theoretical exercise, but a reality unfolding.

In February 2026, a trader disclosed on social media a new attack method targeting Polymarket's market makers. Blogger BuBBliK described it as "elegant & brutal," because the attacker only needs to pay less than $0.1 in Gas fees on the Polygon network to complete an attack cycle in about 50 seconds. The victims, market makers and automated trading bots that have placed real-money buy and sell orders on the order book, face multiple blows: forced order removal, unintended position exposure, and even direct losses.

PANews examined an attacker address flagged by the community and found that the account was registered in February 2026, participated in only 7 markets, yet recorded a total profit of $16,427, with core gains essentially completed within a single day. When the liquidity foundation of a prediction market leader valued at $9 billion can be shaken by a cost of just a few cents, what is exposed goes far beyond a mere technical vulnerability.

PANews will delve into the technical mechanism, economic logic, and potential impact of this attack on the prediction market industry.

How the Attack Happened: A Precision Hunt Exploiting a "Time Gap"

To understand this attack, one must first understand Polymarket's trading process. Unlike most DEXs, Polymarket employs a hybrid architecture of "off-chain matching + on-chain settlement" to pursue a user experience close to that of centralized exchanges. User order placement and matching are completed instantly off-chain, and only the final fund settlement is submitted for execution on the Polygon chain. This design gives users gasless order placement and execution within seconds, but it also creates a "time gap" of several seconds to over ten seconds between the off-chain and on-chain states. The attacker targets precisely this window.

The attack logic is not complex. The attacker first places a normal buy or sell order via the API. At this point, the off-chain system verifies the signature and balance without issue, then matches it against other market makers' orders on the order book. But almost simultaneously, the attacker submits a USDC transfer on-chain with an extremely high Gas price, moving all funds out of the wallet. Because that Gas price far exceeds the platform relayer's default setting, the "draining" transaction is confirmed first. By the time the relayer submits the matching result on-chain, the attacker's wallet is already empty, so the settlement transaction fails and reverts for insufficient balance.

If the story ended here, it would merely waste a bit of the relayer's Gas fee. However, the truly fatal step is this: although the transaction fails on-chain, Polymarket's off-chain system forcibly removes all innocent market maker orders that participated in this failed match from the order book. In other words, the attacker uses a transaction destined to fail to "one-click clear" the buy and sell orders others placed with real money.

To use an analogy: It's like shouting a high bid at an auction, then reneging at the moment the gavel falls, saying "I have no money." But the auction house confiscates the bidding paddles of all other normal bidders, causing the auction to fail.

Notably, the community later discovered an "upgraded version" of this attack, named "Ghost Fills." The attacker no longer needs to front-run with a transfer. Instead, after the order is matched off-chain but before on-chain settlement, they directly call the contract's "cancel all orders" function (an on-chain nonce increment that invalidates every order the address has signed), instantly invalidating their own order to the same effect. More cunningly, the attacker can place orders in multiple markets simultaneously, observe price movements, then let only the favorable orders settle normally while canceling the unfavorable ones this way, essentially holding a "win-only, no-lose" free option.
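To make the sequence concrete, here is a small Python model of the flow described above, written for this article as an added example; it is not Polymarket's code, the relayer's code, or the exchange contract. The Order, Chain and OffchainExchange classes, the cent-denominated balances, the nonce-based "cancel all" and the two cleanup policies are all assumptions. The vulnerable policy leaves the makers' orders pulled after a failed settlement, which is the behaviour the article describes; the hardened policy restores them and records a strike against only the address whose order could not settle.

```python
"""Toy model of "off-chain matching + on-chain settlement" (constructed example)."""
from dataclasses import dataclass, field


@dataclass
class Order:
    order_id: str
    owner: str
    side: str      # "buy" or "sell"
    price: int     # cents per share
    size: int      # shares (partial fills are ignored in this toy)
    nonce: int     # the owner's nonce at signing time; a "cancel all" bumps it


@dataclass
class Chain:
    """Stand-in for on-chain state: USDC balances (cents) and per-address nonces."""
    balances: dict
    nonces: dict = field(default_factory=dict)

    def settle(self, taker: Order, makers: list) -> bool:
        """Settlement succeeds only if the taker's signed nonce is still current
        and the taker can still pay; otherwise the transaction reverts."""
        if self.nonces.get(taker.owner, 0) != taker.nonce:
            return False
        cost = sum(m.price * m.size for m in makers) if taker.side == "buy" else 0
        if self.balances.get(taker.owner, 0) < cost:
            return False
        self.balances[taker.owner] -= cost
        return True


class OffchainExchange:
    def __init__(self, chain: Chain, hardened: bool):
        self.chain = chain
        self.hardened = hardened
        self.book = {}     # order_id -> resting maker order
        self.failed = {}   # address -> failed settlements (hardened policy only)

    def post(self, order: Order):
        self.book[order.order_id] = order

    def match(self, taker: Order) -> list:
        """Off-chain matching: select crossing maker orders and pull them from the
        book while settlement is pending. This is where the time gap opens."""
        if taker.side == "buy":
            crosses = lambda m: m.price <= taker.price
        else:
            crosses = lambda m: m.price >= taker.price
        makers = [m for m in self.book.values()
                  if m.side != taker.side and m.owner != taker.owner and crosses(m)]
        for m in makers:
            del self.book[m.order_id]
        return makers

    def finalize(self, taker: Order, makers: list) -> bool:
        """Submit the match on-chain. On failure the vulnerable policy leaves the
        maker orders removed; the hardened policy restores them and penalises
        only the address whose order could not settle."""
        if self.chain.settle(taker, makers):
            return True
        if self.hardened:
            for m in makers:
                self.book[m.order_id] = m
            self.failed[taker.owner] = self.failed.get(taker.owner, 0) + 1
        return False


def run_round(hardened: bool, attack: str = None):
    """attack: None (honest taker), "drain" (funds moved out before settlement)
    or "cancel" (nonce bumped, the "ghost fill" variant). Returns
    (settled, order ids still on the book, strikes against the attacker)."""
    chain = Chain(balances={"attacker": 1_000_000, "mm1": 1_000_000, "mm2": 1_000_000})
    ex = OffchainExchange(chain, hardened)
    ex.post(Order("m1", "mm1", "sell", 51, 5_000, nonce=0))
    ex.post(Order("m2", "mm2", "sell", 52, 5_000, nonce=0))
    taker = Order("t1", "attacker", "buy", 52, 10_000, nonce=0)
    makers = ex.match(taker)            # off-chain: both maker orders are now pulled
    if attack == "drain":               # the high-gas transfer outruns the relayer
        chain.balances["attacker"] = 0
    elif attack == "cancel":            # the "cancel all" call lands first
        chain.nonces["attacker"] = 1
    settled = ex.finalize(taker, makers)
    return settled, sorted(ex.book), ex.failed.get("attacker", 0)


if __name__ == "__main__":
    for hardened in (False, True):
        for attack in (None, "drain", "cancel"):
            print(f"hardened={hardened} attack={attack}: {run_round(hardened, attack)}")
```

With the vulnerable policy, both "drain" and "cancel" leave the book empty at zero cost to the attacker, which is the clearing effect the article describes; with the hardened policy the makers' orders come back and only the attacker accumulates strikes. Restoring orders is the minimum; a production fix would also need to decide what to do with the strike count (throttling, collateral lock-up, or refusing further orders), which this toy does not model.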

The "Economics" of the Attack: A Few Cents in Cost, $16,000 in Profit

Beyond directly clearing market maker orders, this state desynchronization between off-chain and on-chain is also used to hunt automated trading bots. According to monitoring by the GoPlus security team, affected bots include Negrisk, ClawdBots, MoltBot, and others.

The attacker clears others' orders and creates "ghost fills." These operations themselves do not directly generate profit. So how is the money actually made?

PANews' analysis reveals two main profit paths for the attacker.

The first is "monopolizing market making after clearing the field." Under normal circumstances, the order book of a popular prediction market has multiple market makers competing to place orders. The spread between the best bid and ask is usually narrow, for example, a bid at 49 cents and an ask at 51 cents, with market makers earning tiny profits from the 2-cent spread. By repeatedly initiating "doomed-to-fail transactions," the attacker forcibly clears all competing orders. At this point, the order book becomes a vacuum. The attacker then places their own buy and sell orders, but with a significantly widened spread, for example, a bid at 40 cents and an ask at 60 cents. Other users needing to trade, lacking better quotes, are forced to accept this price, allowing the attacker to profit from the 20-cent "monopoly spread." This pattern cycles: clear, monopolize, profit, repeat.

The second profit path is more direct: "hunting hedging bots." A concrete example illustrates this. Suppose the price of "Yes" in a certain market is 50 cents. The attacker places a $10,000 "Yes" buy order via the API against a market-making bot's resting sell order. After the off-chain system confirms the match, the API immediately tells the bot, "You have sold 20,000 shares of Yes." On that signal, the bot hedges by immediately buying 20,000 shares of "No" in another related market to lock in its profit. The attacker then causes the $10,000 buy order to fail and revert on-chain, so the bot in fact sold no "Yes" at all. What it assumed was a hedged position is now a naked, one-sided bet: 20,000 shares of "No" with no offsetting short position. The attacker can then trade in the market for real, profiting as the bot is forced to unwind the unprotected position, or arbitraging the resulting price deviation directly.

On the cost side, each attack cycle requires paying less than $0.1 in Gas fees on the Polygon network. Each cycle takes about 50 seconds, theoretically allowing about 72 executions per hour. One attacker set up a "dual-wallet cycling system" (Cycle A Hub and Cycle B Hub operating alternately), achieving fully automated high-frequency attacks. Hundreds of failed transactions have already been recorded on-chain.

On the profit side, an attacker address flagged by the community and examined by PANews shows the account was newly registered in February 2026, participated in only 7 markets, yet achieved a total profit of $16,427, with a maximum single profit of $4,415. Core profit activities were concentrated within an extremely short time window. In other words, the attacker used a total Gas cost likely under $10 to leverage over $16,000 in profit within a single day. And this is just one flagged address; the actual number of participating addresses and total profit may be far greater.

For the victimized market makers, the losses are even harder to quantify. A Reddit user running a bot on the BTC 5-minute markets reported losses in the "thousands of dollars." The deeper damage lies in the opportunity cost of frequent forced order removal and the operational overhead of repeatedly adjusting market-making strategies.

A more challenging issue is that this vulnerability stems from a design flaw in Polymarket's underlying mechanism and cannot be fixed in the short term. As this attack method becomes public, similar attacks will become more common, further damaging Polymarket's already fragile liquidity.

Community Self-Help, Warnings, and Platform Silence

As of now, Polymarket has not issued a detailed statement or fix regarding this order attack. Some users on social media have indicated that this bug was reported multiple times months ago but was consistently ignored. It is worth noting that Polymarket previously chose a non-refund approach when facing a "governance attack" (UMA Oracle vote manipulation) incident.

With no official action, the community began seeking its own solutions. A community developer voluntarily created an open-source monitoring tool called "Nonce Guard." This tool can monitor order cancellation operations on the Polygon chain in real-time, build a blacklist of attacker addresses, and provide a universal warning signal for trading bots. However, this solution is essentially a monitoring patch and cannot fundamentally resolve such issues.
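For a bot operator, the practical defence implied by the hedging example above and by the Nonce Guard approach is to treat an API match as provisional until settlement confirms it, and to keep a strike count against counterparties whose fills fail or who call "cancel all" while a fill against them is pending. The following Python is an added example written for this article; it is not Polymarket's API client and not the Nonce Guard tool. The event stream is constructed, and the event names, field names and two-strike threshold are assumptions. It runs a naive bot and a guarded bot over the same events so the difference in resulting naked exposure is visible.

```python
"""Bot-side handling of provisional fills (constructed example)."""
from collections import defaultdict

STRIKES_TO_BLACKLIST = 2   # assumed threshold

# Constructed event stream: one honest fill that settles, then an attacker whose
# fills are matched off-chain but never settle. "nonce_bump" stands for the
# on-chain "cancel all" call observed by a chain monitor.
EVENTS = [
    {"type": "matched", "fill_id": "f1", "taker": "0xhonest", "shares": 500},
    {"type": "settled", "fill_id": "f1"},
    {"type": "matched", "fill_id": "f2", "taker": "0xattacker", "shares": 20_000},
    {"type": "nonce_bump", "addr": "0xattacker"},
    {"type": "settle_failed", "fill_id": "f2"},
    {"type": "matched", "fill_id": "f3", "taker": "0xattacker", "shares": 20_000},
    {"type": "settle_failed", "fill_id": "f3"},
    {"type": "matched", "fill_id": "f4", "taker": "0xattacker", "shares": 20_000},
]


class NaiveBot:
    """Hedges as soon as the API reports a match: the behaviour the attack exploits."""
    def __init__(self):
        self.filled = {}   # fill_id -> shares actually sold (settled)
        self.hedged = {}   # fill_id -> shares of the opposite outcome bought as hedge

    def on_event(self, ev):
        if ev["type"] == "matched":
            self.hedged[ev["fill_id"]] = ev["shares"]        # hedge on the signal
        elif ev["type"] == "settled":
            self.filled[ev["fill_id"]] = self.hedged[ev["fill_id"]]
        # settle_failed: the fill vanished, but the hedge stays on the books

    def naked_exposure(self):
        return sum(h for fid, h in self.hedged.items() if fid not in self.filled)


class GuardedBot:
    """Hedges only on settlement; strikes and blacklists suspicious counterparties."""
    def __init__(self):
        self.pending = {}          # fill_id -> (taker, shares), not yet settled
        self.filled = {}
        self.hedged = {}
        self.strikes = defaultdict(int)
        self.blacklist = set()
        self.rejected = []         # fill ids refused because the taker was blacklisted

    def _strike(self, addr):
        self.strikes[addr] += 1
        if self.strikes[addr] >= STRIKES_TO_BLACKLIST:
            self.blacklist.add(addr)

    def on_event(self, ev):
        t = ev["type"]
        if t == "matched":
            if ev["taker"] in self.blacklist:
                self.rejected.append(ev["fill_id"])   # pull quotes instead of filling
                return
            self.pending[ev["fill_id"]] = (ev["taker"], ev["shares"])
        elif t == "settled":
            entry = self.pending.pop(ev["fill_id"], None)
            if entry:
                _, shares = entry
                self.filled[ev["fill_id"]] = shares
                self.hedged[ev["fill_id"]] = shares       # hedge only now
        elif t == "settle_failed":
            entry = self.pending.pop(ev["fill_id"], None)
            if entry:
                self._strike(entry[0])
        elif t == "nonce_bump":
            # A cancel-all while we hold a pending fill against this address is the
            # "ghost fill" signature; count it before the settlement failure arrives.
            if any(taker == ev["addr"] for taker, _ in self.pending.values()):
                self._strike(ev["addr"])

    def naked_exposure(self):
        return sum(h for fid, h in self.hedged.items() if fid not in self.filled)


def replay(bot, events=EVENTS):
    for ev in events:
        bot.on_event(ev)
    return bot


if __name__ == "__main__":
    print("naive naked exposure:", replay(NaiveBot()).naked_exposure())
    g = replay(GuardedBot())
    print("guarded naked exposure:", g.naked_exposure(), "blacklist:", g.blacklist)
```

The trade-off is latency: a guarded bot locks in its hedge only after the settlement lands, so it carries a few seconds of unhedged risk on honest fills instead of an unbounded naked position on ghost fills. The nonce-bump signal is what a chain monitor such as the one described above can supply; the strike counter is local to the bot and, as the article notes for Nonce Guard, is a mitigation rather than a fix for the underlying settlement design.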

Compared to other arbitrage methods, the potential impact of this attack could be more far-reaching.

For market makers, the orders they painstakingly maintain can be cleared in batches without warning, completely destroying the stability and predictability of their market-making strategies. This may directly shake their willingness to continue providing liquidity on Polymarket.

For users running automated trading bots, the execution signals returned by the API are no longer trustworthy. Ordinary users trading may suffer significant losses due to instantly vanishing liquidity.

For the Polymarket platform itself, when market makers dare not place orders and bots dare not hedge, order book depth will inevitably shrink, further exacerbating this vicious cycle.
