Polymarket Hacked Due to Off-Chain and On-Chain Sync Flaw
Polymarket, a prediction market platform, has been hacked due to a vulnerability in its off-chain and on-chain trade settlement synchronization. The attacker exploited this flaw by manipulating nonces to cancel or invalidate on-chain matched trades before settlement, while off-chain records remained valid. This led to API misreporting and affected trading bots, resulting in user losses.
The attack involved the attacker submitting large opposite trades against market-making bots on Polymarket’s off-chain order book and constructing transactions with forged or duplicate nonces. This ensured on-chain transactions would revert, while the API falsely confirmed trade execution to bots. The attacker then executed genuine on-chain trades to profit from the bots' exposed positions. GoPlus advises users to suspend automated trading tools and verify on-chain transaction statuses.
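
One way a bot can act on the advice to verify on-chain transaction statuses, as an added example (not code from Polymarket, GoPlus or this article): count an API-reported fill toward the position only after its settlement transaction's receipt shows success. The `ApiFill` record, the `get_receipt` callback and the sample data are hypothetical and constructed; receipts are assumed to be EVM-style with integer `status` and `blockNumber` fields.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ApiFill:            # hypothetical shape of a fill reported by the off-chain API
    order_id: str
    tx_hash: str          # settlement transaction the API attributes the fill to
    side: str             # "BUY" or "SELL"
    size: int             # shares

def reconcile(fills, get_receipt, head_block, min_conf=3):
    """Classify API-reported fills by what the chain says, not what the API says."""
    out = {"settled": [], "reverted": [], "pending": []}
    for f in fills:
        r = get_receipt(f.tx_hash)          # None: not mined or unknown hash
        if r is None:
            out["pending"].append(f)
        elif r["status"] != 1:              # EVM receipt status 0 means reverted
            out["reverted"].append(f)
        elif head_block - r["blockNumber"] + 1 < min_conf:
            out["pending"].append(f)        # mined but not yet deep enough
        else:
            out["settled"].append(f)
    return out

def net_position(fills):
    return sum(f.size if f.side == "BUY" else -f.size for f in fills)

def should_halt(result):
    """A reverted settlement behind an API-confirmed fill means the books disagree."""
    return bool(result["reverted"])

# Constructed sample data: the API reported all three fills as matched.
FILLS = [
    ApiFill("o-1", "0xaaa", "SELL", 500),
    ApiFill("o-2", "0xbbb", "SELL", 800),
    ApiFill("o-3", "0xccc", "BUY", 200),
]
RECEIPTS = {                                 # constructed stand-in for an RPC node
    "0xaaa": {"status": 1, "blockNumber": 100},
    "0xbbb": {"status": 0, "blockNumber": 101},   # reverted on-chain
}

def demo():
    return reconcile(FILLS, RECEIPTS.get, head_block=105)

if __name__ == "__main__":
    res = demo()
    print("API-implied position:", net_position(FILLS))
    print("on-chain position:   ", net_position(res["settled"]))
    print("halt quoting:", should_halt(res))
```

Hedging and quoting decisions should use the settled position only; a non-empty `reverted` list is the signal to stop automated trading until the discrepancy is explained.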
Disclaimer: The content provided on Phemex News is for informational purposes only. We do not guarantee the quality, accuracy, or completeness of the information sourced from third-party articles. The content on this page does not constitute financial or investment advice. We strongly encourage you to conduct your own research and consult with a qualified financial advisor before making any investment decisions.
