PMX Trading Robot Hacked, $230,000 User Funds Lost, Official Promises Compensation

PMX’s Polycule trading bot was hacked, resulting in approximately $230,000 of user funds being stolen. The incident occurred on the night of January 7th. The official team quickly identified the source of the vulnerability, and a fix and audit are scheduled to go live by the end of this weekend. This is another security incident in the trading bot space following the previous theft of the meme TG bot, once again exposing the risks and hidden dangers of such products.

Key Information of the Incident

Attack Details and Response

PMX officially disclosed via announcement that hackers exploited a code vulnerability in the Polycule trading bot, leading to the theft of user funds. According to the official statement, the affected amount is about $230,000, mainly involving users on the Polygon chain.

The official response has been relatively swift:

• Identified the source of the vulnerability
• Fix and audit scheduled to be completed by this weekend
• Pledged to compensate affected users through the treasury
• Promised to restore user balances to pre-attack levels

Compensation Plan Evaluation

From the official compensation commitments, this “full refund” attitude is relatively responsible. However, the specific details of the compensation process (timeline, procedures, etc.) still need to be confirmed later. For affected users, the key point is that the official has indeed promised compensation, which is better than some projects adopting an “indifferent” attitude.

Industry Risk Reflection

Security Dilemmas of Trading Bots

This is not the first time a trading bot has experienced issues. Related reports mention that the meme TG bot was also previously hacked, and this PMX incident indicates that similar security risks may recur in areas like prediction markets and arbitrage tools.

Core issues faced by trading bot products:

• Require access to user funds or trading permissions, inherently risky
• Complex codebases, making vulnerabilities difficult to fully prevent
• Inconsistent auditing and security standards
• Users often lack sufficient risk awareness

Lessons for Users

This type of incident provides clear warnings to users:

• Trading bots are convenient but not risk-free
• When choosing products, consider the project’s security capabilities and track record
• Do not entrust all funds to any single automated tool
• The official response attitude and compensation commitments are also important factors in decision-making

Summary

The quick identification of the vulnerability and the commitment to compensation by PMX are commendable. However, this incident fundamentally reflects systemic security issues within the trading bot field. As these tools become more widely used, security incidents may continue to occur. For project teams, stricter code audits and security standards are necessary; for users, more cautious risk assessments are essential. This does not mean avoiding trading bots altogether, but rather understanding the risks involved and making more rational choices.