Crushing millions in liquidity for less than a cent, order attacks could drain Polymarket's liquidity foundation
An on-chain transaction costing less than $0.10 can instantly wipe out market-making orders worth tens of thousands of dollars from Polymarket’s order book. This is not a theoretical scenario; it is already happening.
In February 2026, a user disclosed a new attack method targeting Polymarket market makers on social media. Blogger BuBBliK described it as “elegant & brutal,” because the attacker only needs to pay less than $0.10 in Gas fees on the Polygon network to complete an attack cycle in about 50 seconds. The victims—market makers and automated trading bots posting real buy and sell orders—face forced order removals, exposed positions, or even direct losses.
PANews examined a community-flagged attacker address that was registered in February 2026. It participated in only 7 markets but has already recorded a total profit of $16,427, with most gains made within a single day. When a leading prediction market valued at $9 billion can have its liquidity foundation shaken by just a few cents in transaction costs, it reveals far more than just a technical vulnerability.
PANews will analyze the technical mechanics, economic logic, and potential industry impact of this attack.
How the Attack Occurs: Precise “Time Gap” Hunting
To understand the attack, start with how Polymarket trades. Unlike most DEXs, Polymarket aims for a centralized-exchange-like experience through a hybrid “off-chain matching, on-chain settlement” architecture: orders are matched instantly off-chain, and only the resulting trades are submitted to the Polygon chain for settlement. This gives users gas-free limit orders and instant fills, but it also opens a window of a few seconds to more than ten seconds between the off-chain match and the on-chain settlement, and that window is what the attacker exploits.
The attack logic is straightforward. The attacker places an ordinary buy or sell order through the API. The off-chain system verifies the signature and the wallet balance, finds nothing wrong, and matches the order against market makers’ resting orders. Almost simultaneously, the attacker sends an on-chain transaction that moves all funds out of the wallet, paying a much higher gas fee. Because that fee exceeds what the platform’s relayer pays by default, validators include the “drain” transaction first. When the relayer submits the match for settlement afterwards, the attacker’s wallet is already empty, so the settlement transaction fails its balance check and reverts.
If this were the end of the story, the only cost would be the relayer’s wasted gas. The real damage comes next: although the settlement reverted on-chain, Polymarket’s off-chain system still removes every innocent market maker order that took part in the failed match from the order book. In other words, with a single transaction that was never going to succeed, the attacker instantly clears genuine orders backed by real money.
In auction terms: it is like bidding loudly, then declaring “I have no money” when the hammer falls, whereupon the auction house confiscates every other legitimate bidder’s paddle and cancels the auction.
The community later found an “upgraded version” of the attack, dubbed “Ghost Fills.” Instead of racing to move funds, the attacker waits for the off-chain match and, before settlement, calls an on-chain “cancel all orders” function that invalidates their own outstanding orders, with the same effect. Worse, the attacker can place orders across several markets, watch how prices move, keep the fills that turned out profitable and cancel the rest: a free option, paid for with a few cents of gas.
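The race described above can be made concrete with a small model. The following Python is an added example written for this article; it is not Polymarket’s code, and its settlement rules (a per-address order nonce that a cancel-all bumps, a balance check at settlement, a matcher that removes makers’ orders as soon as they are matched) are simplifying assumptions. It runs both the “drain” and the “ghost fill” variants against an engine that behaves as the article describes, and against a hardened variant that restores the makers’ orders when the taker’s order is what made settlement revert.

```python
from dataclasses import dataclass, field


class Revert(Exception):
    """The simulated settlement contract would revert with this reason."""


@dataclass
class Order:
    order_id: str
    owner: str
    side: str    # "BUY" or "SELL" of the YES outcome; takers here are always BUY
    price: int   # cents per share
    size: int    # shares
    nonce: int   # owner's order nonce when the order was signed


@dataclass
class Chain:
    """Toy on-chain state: USDC balances in cents plus a per-address order nonce.
    (The nonce scheme is this example's assumption, not Polymarket's contract.)"""
    balances: dict
    nonces: dict = field(default_factory=dict)

    def nonce(self, addr):
        return self.nonces.get(addr, 0)

    def increment_nonce(self, addr):
        # "Ghost fill" path: every order signed under the old nonce is now invalid.
        self.nonces[addr] = self.nonce(addr) + 1

    def transfer_out(self, addr, amount):
        # "Drain" path: funds leave before the relayer's settlement lands.
        self.balances[addr] = self.balances.get(addr, 0) - amount

    def settle(self, taker, fills):
        """Apply a BUY taker's fills atomically; any failed check reverts all of them."""
        if taker.nonce != self.nonce(taker.owner):
            raise Revert("taker order nonce invalid")
        cost = sum(maker.price * qty for maker, qty in fills)
        if self.balances.get(taker.owner, 0) < cost:
            raise Revert("taker insufficient balance")
        self.balances[taker.owner] -= cost
        for maker, qty in fills:
            self.balances[maker.owner] = self.balances.get(maker.owner, 0) + maker.price * qty


class Engine:
    """Off-chain matcher. drop_makers_on_revert=True reproduces the behaviour the
    article describes; False is a hardened variant that restores makers' orders
    and counts a strike against the taker whose order broke settlement."""

    def __init__(self, chain, drop_makers_on_revert):
        self.chain = chain
        self.drop_makers_on_revert = drop_makers_on_revert
        self.book = {}      # resting maker orders by id
        self.strikes = {}   # taker address -> reverted settlements caused

    def post(self, order):
        if order.nonce == self.chain.nonce(order.owner):
            self.book[order.order_id] = order

    def match(self, taker):
        """Match a BUY taker against resting SELLs, best price first. Matched size
        leaves the book immediately: the makers are told they are filled."""
        fills, remaining = [], taker.size
        for maker in sorted(self.book.values(), key=lambda o: o.price):
            if remaining == 0 or maker.side != "SELL" or maker.price > taker.price:
                continue
            qty = min(remaining, maker.size)
            fills.append((maker, qty))
            remaining -= qty
        for maker, qty in fills:
            maker.size -= qty
            if maker.size == 0:
                del self.book[maker.order_id]
        return fills

    def settle(self, taker, fills):
        try:
            self.chain.settle(taker, fills)
            return "settled"
        except Revert as why:
            if not self.drop_makers_on_revert:
                for maker, qty in fills:        # makers did nothing wrong: restore them
                    maker.size += qty
                    self.book[maker.order_id] = maker
                self.strikes[taker.owner] = self.strikes.get(taker.owner, 0) + 1
            return f"reverted: {why}"


def run_cycle(hardened, method):
    """One cycle; method is 'drain', 'ghost' (nonce bump) or 'honest'."""
    chain = Chain(balances={"attacker": 1_000_000, "mm1": 0, "mm2": 0})
    eng = Engine(chain, drop_makers_on_revert=not hardened)
    eng.post(Order("m1", "mm1", "SELL", 51, 5_000, 0))
    eng.post(Order("m2", "mm2", "SELL", 52, 5_000, 0))
    taker = Order("t1", "attacker", "BUY", 52, 10_000, chain.nonce("attacker"))
    fills = eng.match(taker)                       # off-chain: both makers now "filled"
    if method == "drain":                          # attacker's own tx wins the race
        chain.transfer_out("attacker", chain.balances["attacker"])
    elif method == "ghost":
        chain.increment_nonce("attacker")
    status = eng.settle(taker, fills)              # relayer's settlement lands last
    return {"status": status, "resting": sorted(eng.book),
            "strikes": eng.strikes.get("attacker", 0), "mm1_paid": chain.balances["mm1"]}


if __name__ == "__main__":
    for hardened in (False, True):
        for method in ("drain", "ghost", "honest"):
            print("hardened" if hardened else "vulnerable", method, run_cycle(hardened, method))
```

With the vulnerable engine, both the drain and the ghost-fill cycle end with an empty book and no record against the attacker; the hardened engine leaves the book exactly as it was and accumulates strikes that a platform could turn into rate limits or taker-side bonding. Either way the settlement itself reverts, which is the part an on-chain monitor can see.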
“Economic” Aspects of the Attack: A Few Cents for $16,000+ in Gains
Beyond clearing market makers’ orders, the same mismatch between off-chain and on-chain state is used to hunt automated trading bots. According to monitoring by the GoPlus security team, affected bots include Negrisk, ClawdBots, MoltBot and others.
Since neither clearing others’ orders nor creating “ghost fills” generates profit by itself, how does the attacker make money?
PANews found that the attacker’s profit mainly comes from two paths.
The first is “monopoly market making after a wipe.” A popular prediction market normally has several market makers competing, which keeps the bid-ask spread narrow: bids at 49 cents, offers at 51 cents, a couple of cents per round trip. The attacker repeatedly fires doomed transactions to clear these competing orders. With the book empty, the attacker posts their own quotes with a wide spread, say 40 cents bid and 60 cents offered. Other traders, with no better quotes available, take these prices, and the attacker pockets the 20-cent “monopoly spread.” The cycle repeats: clear, monopolize, collect, clear again.
The second and more direct path is “hunting hedge bots.” Suppose “Yes” trades at 50 cents. The attacker sends a $10,000 “Yes” buy order through the API, which matches against a market-making bot’s offer. Once the off-chain match is confirmed, the API immediately tells the bot it has sold 20,000 “Yes.” To hedge, the bot promptly buys 20,000 “No” in a related market to lock in its profit. The attacker then causes the $10,000 buy order to revert on-chain, so the bot never actually sold any “Yes.” Its supposed hedge is now a naked bet: 20,000 “No” with no offsetting sale behind it. The attacker can then trade against the bot, forcing it to unwind the unhedged position at a loss or arbitraging the resulting price discrepancies.
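The bot-side failure is a state-machine problem: the bot treats the engine’s match report as a fill. The following Python is an added example, not the code of any of the bots named here; it models a bot that places an offsetting hedge on the same event and compares hedging on the off-chain match report with hedging only after on-chain settlement. The event names and the signed-exposure bookkeeping are this example’s own.

```python
from dataclasses import dataclass, field

# Fill lifecycle as the bot sees it. MATCHED is the off-chain engine's report;
# only SETTLED means the trade exists on-chain. (Names are this example's own.)
MATCHED, SETTLED, REVERTED = "MATCHED", "SETTLED", "REVERTED"


@dataclass
class HedgeBot:
    """Market-making bot that offsets each fill with a hedge on the same event in
    a related market. hedge_on selects when the hedge is placed: on MATCHED (the
    behaviour the attack exploits) or only on SETTLED (after on-chain confirmation)."""
    hedge_on: str
    pending: dict = field(default_factory=dict)    # fill_id -> {"size", "hedged"}
    book_delta: int = 0      # signed exposure from fills that really settled
    hedge_delta: int = 0     # signed exposure from hedges placed
    orphaned: list = field(default_factory=list)   # hedges whose fill never settled

    def _hedge(self, fill_id, signed_size):
        self.hedge_delta -= signed_size            # hedging a sale (<0) means buying (>0)
        self.pending[fill_id]["hedged"] = True

    def on_event(self, kind, fill_id, signed_size=0):
        """signed_size: shares the bot sold (<0) or bought (>0) in this fill."""
        if kind == MATCHED:
            self.pending[fill_id] = {"size": signed_size, "hedged": False}
            if self.hedge_on == MATCHED:
                self._hedge(fill_id, signed_size)
        elif kind == SETTLED:
            fill = self.pending.pop(fill_id)
            self.book_delta += fill["size"]        # the sale is now real
            if not fill["hedged"]:
                self.hedge_delta -= fill["size"]
        elif kind == REVERTED:
            fill = self.pending.pop(fill_id)
            if fill["hedged"]:
                # The hedge is live but the position it was meant to offset never existed.
                self.orphaned.append((fill_id, -fill["size"]))
        else:
            raise ValueError(f"unknown event {kind}")

    def naked_exposure(self):
        """Signed shares not offset by anything; 0 for a fully hedged book."""
        return self.book_delta + self.hedge_delta


def attacked_cycle(hedge_on):
    """The article's scenario: a 20,000-share YES sale reported, hedged, then reverted."""
    bot = HedgeBot(hedge_on)
    bot.on_event(MATCHED, "f1", signed_size=-20_000)   # engine says: you sold 20,000 YES
    bot.on_event(REVERTED, "f1")                       # attacker's settlement reverted
    return bot.naked_exposure(), list(bot.orphaned)


def honest_cycle(hedge_on):
    bot = HedgeBot(hedge_on)
    bot.on_event(MATCHED, "f1", signed_size=-20_000)
    bot.on_event(SETTLED, "f1")
    return bot.naked_exposure()


if __name__ == "__main__":
    for mode in (MATCHED, SETTLED):
        print(mode, "attacked:", attacked_cycle(mode), "honest:", honest_cycle(mode))
```

The trade-off is visible in the honest path: a bot that waits for settlement carries the fill unhedged for the few seconds the relayer needs, which is a small, bounded risk, whereas hedging on the match report leaves it holding a 20,000-share naked position whenever a taker makes settlement revert.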
Each attack cycle costs less than $0.10 in gas on Polygon and takes about 50 seconds, so in theory it can be run around 72 times an hour. One attacker set up a “dual-wallet cycle system” (a “Cycle A Hub” and a “Cycle B Hub” alternating) to automate high-frequency attacks; hundreds of failed transactions are already recorded on-chain.
On the profit side, a community-flagged attacker address registered in February 2026 participated in only 7 markets but has already netted $16,427, with a largest single profit of $4,415, most of it within a very short window. In other words, for roughly $10 in gas, the attacker generated over $16,000 in a single day. And this is only one flagged address; the total number of participating addresses and their combined gains could be far higher.
For the affected market makers, losses are harder to quantify. Reddit traders running bots on the BTC 5-minute markets report losses “in the thousands of dollars.” The deeper damage is the opportunity cost of having orders repeatedly removed and the operational overhead of reworking market-making strategies.
More troubling is that the vulnerability is a consequence of Polymarket’s hybrid design rather than an isolated bug: the off-chain engine treats a match as final for the makers’ orders, while the chain remains the source of truth for the taker’s funds and order validity, and the two disagree exactly in the window the attacker uses. Closing that gap means changing how the engine handles a reverted settlement (one natural mitigation is to restore the makers’ orders and penalize the taker whose order caused the revert; Polymarket has announced no such change), so it cannot be patched overnight. As the method becomes public, similar techniques are likely to proliferate, further damaging Polymarket’s already fragile liquidity.
Community Self-Help, Warnings, and Platform Silence
So far, Polymarket has issued neither a detailed statement nor a fix for this attack. Some users on social media say the bug was reported months ago and ignored. Notably, Polymarket also refused refunds after the earlier “governance attack” involving manipulation of UMA oracle voting.
With no official response, the community has started building its own defenses. A community developer released an open-source monitoring tool called “Nonce Guard,” which tracks order cancellations on Polygon, builds a blacklist of attacker addresses and sends alerts to trading bots. This is a monitoring patch, though: it helps bots avoid known attackers but does not fix the underlying issue.
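What such a monitor has to do is correlate two streams: the engine’s fill reports and the taker’s own on-chain actions in the settlement window. The Python below is an added example, not Nonce Guard’s code; the event names, the JSON-lines format and the sample log are constructed for illustration, and a real deployment would map them onto the exchange contract’s cancellation and nonce events and onto USDC transfer logs. It records a strike against a taker only when the taker bumped its nonce or moved funds out while a fill was pending and that fill then reverted, so a revert caused by something else (the last entry in the sample) is not counted.

```python
import json
from collections import defaultdict, deque

STRIKE_THRESHOLD = 2   # strikes before an address is blocked (tuning assumption)
WINDOW_SECONDS = 600   # strikes older than this no longer count (tuning assumption)

# Constructed sample, one JSON event per line; ts is seconds. fill_* events come
# from the off-chain engine, nonce_incremented / funds_out from the chain.
SAMPLE_LOG = """\
{"ts": 100, "type": "fill_matched", "fill_id": "f1", "taker": "0xatk"}
{"ts": 102, "type": "nonce_incremented", "address": "0xatk"}
{"ts": 108, "type": "fill_reverted", "fill_id": "f1"}
{"ts": 150, "type": "fill_matched", "fill_id": "f2", "taker": "0xhonest"}
{"ts": 157, "type": "fill_settled", "fill_id": "f2"}
{"ts": 160, "type": "fill_matched", "fill_id": "f3", "taker": "0xatk"}
{"ts": 161, "type": "funds_out", "address": "0xatk"}
{"ts": 170, "type": "fill_reverted", "fill_id": "f3"}
{"ts": 200, "type": "fill_matched", "fill_id": "f4", "taker": "0xunlucky"}
{"ts": 210, "type": "fill_reverted", "fill_id": "f4"}
"""


class FillRevertCorrelator:
    """Flags takers whose own on-chain action (nonce bump or outbound transfer)
    precedes the revert of a fill they had pending."""

    def __init__(self, threshold=STRIKE_THRESHOLD, window=WINDOW_SECONDS):
        self.threshold, self.window = threshold, window
        self.pending = {}                     # fill_id -> {"taker", "ts", "suspicious"}
        self.strikes = defaultdict(deque)     # taker -> timestamps of strikes
        self.alerts = []                      # human-readable alert lines

    def _prune(self, addr, now):
        q = self.strikes[addr]
        while q and now - q[0] > self.window:
            q.popleft()

    def is_blocked(self, addr, now):
        """True if the address has reached the strike threshold inside the window."""
        self._prune(addr, now)
        return len(self.strikes[addr]) >= self.threshold

    def handle(self, ev):
        kind = ev["type"]
        if kind == "fill_matched":
            self.pending[ev["fill_id"]] = {"taker": ev["taker"], "ts": ev["ts"], "suspicious": None}
        elif kind in ("nonce_incremented", "funds_out"):
            # Only meaningful while the address has an unsettled fill.
            for fill in self.pending.values():
                if fill["taker"] == ev["address"] and fill["suspicious"] is None:
                    fill["suspicious"] = kind
        elif kind == "fill_settled":
            self.pending.pop(ev["fill_id"], None)
        elif kind == "fill_reverted":
            fill = self.pending.pop(ev["fill_id"], None)
            if fill and fill["suspicious"]:
                taker = fill["taker"]
                self.strikes[taker].append(ev["ts"])
                self.alerts.append(f"{ev['ts']} strike {taker}: {fill['suspicious']} "
                                   f"before settlement of {ev['fill_id']}")
                if self.is_blocked(taker, ev["ts"]):
                    self.alerts.append(f"{ev['ts']} BLOCK {taker}")


def analyze(log_text, **kwargs):
    """Replay JSON-lines events through a correlator and return it."""
    corr = FillRevertCorrelator(**kwargs)
    for line in log_text.splitlines():
        if line.strip():
            corr.handle(json.loads(line))
    return corr


if __name__ == "__main__":
    for line in analyze(SAMPLE_LOG).alerts:
        print(line)
```

A bot consuming these alerts can refuse to quote against a blocked taker, or widen its quotes while a taker with one strike has fills pending. The window keeps the list from growing forever, which matters because attackers rotate wallets (the article’s dual-hub setup is one such rotation).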
Compared with ordinary arbitrage, this attack has deeper consequences.
For market makers, carefully maintained orders can be wiped out en masse without warning, destroying the stability and predictability of their strategies and potentially discouraging liquidity provision on Polymarket.
For users running automated trading bots, API signals become unreliable, and ordinary traders may suffer significant losses due to sudden liquidity disappearance.
For the Polymarket platform itself, if market makers stop posting orders and bots cease hedging, the order book depth will inevitably shrink, creating a vicious cycle of deteriorating liquidity.