Polymarket Exploited via Offchain-Onchain Settlement Flaw and Nonce Manipulation
Prediction market platform Polymarket was exploited through a design flaw in the synchronization between its offchain order book and onchain trade settlement, GoPlus Chinese Community reports: attackers manipulated transaction nonces so that matched trades were invalidated onchain while the offchain records stayed in effect.

According to the report, the attackers submitted large opposing orders against market-making bots on Polymarket's offchain order book, crafted transactions with forged or duplicate nonces, and used onchain nonce competition to cause the settlement transactions to revert. Because Polymarket's API sent "trade executed" confirmations to the bots before onchain confirmation, the bots treated fills as executed before they had settled, enabling the attackers' subsequent genuine onchain trades to capture risk-free profits.

GoPlus Chinese Community said the attack remained cost-effective and repeatable because the reverts occurred at the chain layer without causing spikes in Polymarket fees. The result was user losses that affected trading bots, including Negrisk. GoPlus Chinese Community recommends that users pause automated trading tools, verify onchain transaction status, improve wallet security, and follow official Polymarket announcements.
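As an added example (not Polymarket's, GoPlus's, or any bot vendor's code), the following Python sketches the bot-side reconciliation that the recommendation to "verify onchain transaction status" implies: an offchain "trade executed" message is booked only once its settlement transaction has a successful receipt with enough confirmations, while fills whose transaction reverted, or whose nonce was consumed by a different transaction, are flagged as phantom size rather than inventory. The receipt fields, the confirmation depth, the `0xcp` counterparty, and all sample fills are constructed assumptions; a real bot would populate them from its RPC provider.

```python
from dataclasses import dataclass
from enum import Enum

# Confirmation depth before a fill is booked; an assumed policy value, not a Polymarket setting.
REQUIRED_CONFIRMATIONS = 12


class FillState(Enum):
    PENDING = "pending"      # no receipt yet, or not enough confirmations
    SETTLED = "settled"      # mined successfully and deep enough to book
    REVERTED = "reverted"    # mined but status 0: the trade did not happen onchain
    REPLACED = "replaced"    # nonce consumed by a different tx hash: this tx can never land


@dataclass(frozen=True)
class OffchainFill:
    """A 'trade executed' message as an offchain API might report it (constructed model)."""
    order_id: str
    tx_hash: str
    sender: str
    nonce: int
    size: float


@dataclass(frozen=True)
class OnchainReceipt:
    """Minimal view of a transaction receipt (status 1 = success, 0 = revert)."""
    tx_hash: str
    sender: str
    nonce: int
    status: int
    block_number: int


def classify_fill(fill, receipts_by_hash, receipt_by_nonce, head_block):
    receipt = receipts_by_hash.get(fill.tx_hash)
    if receipt is None:
        # No receipt for this hash. If the same (sender, nonce) was already mined under
        # another hash, this fill's transaction has been replaced and will never settle.
        other = receipt_by_nonce.get((fill.sender, fill.nonce))
        if other is not None and other.tx_hash != fill.tx_hash:
            return FillState.REPLACED
        return FillState.PENDING
    if receipt.status != 1:
        return FillState.REVERTED
    confirmations = head_block - receipt.block_number + 1
    if confirmations < REQUIRED_CONFIRMATIONS:
        return FillState.PENDING
    return FillState.SETTLED


def reconcile(fills, receipts, head_block):
    """Map each offchain fill (by order id) to its onchain settlement state."""
    receipts_by_hash = {r.tx_hash: r for r in receipts}
    receipt_by_nonce = {(r.sender, r.nonce): r for r in receipts}
    return {f.order_id: classify_fill(f, receipts_by_hash, receipt_by_nonce, head_block)
            for f in fills}


def duplicate_nonces(fills):
    """(sender, nonce) pairs that appear on more than one offchain fill: at most one can settle."""
    seen, dupes = set(), set()
    for f in fills:
        key = (f.sender, f.nonce)
        if key in seen:
            dupes.add(key)
        seen.add(key)
    return dupes


def settled_size(fills, states):
    """Inventory the bot may actually book: settled fills only."""
    return sum(f.size for f in fills if states[f.order_id] is FillState.SETTLED)


def phantom_size(fills, states):
    """Size the offchain feed reported as executed but the chain reverted or replaced."""
    return sum(f.size for f in fills
               if states[f.order_id] in (FillState.REVERTED, FillState.REPLACED))


# Constructed sample: six offchain 'executed' fills from one counterparty and the
# receipts the chain actually produced, with the chain head at block 120.
SAMPLE_FILLS = [
    OffchainFill("o1", "0xa1", "0xcp", 7, 100.0),   # mined ok at block 100
    OffchainFill("o2", "0xb2", "0xcp", 8, 250.0),   # mined but reverted
    OffchainFill("o3", "0xc3", "0xcp", 9, 400.0),   # nonce 9 consumed by 0xd4 instead
    OffchainFill("o4", "0xe5", "0xcp", 10, 50.0),   # mined ok at block 115, too shallow
    OffchainFill("o5", "0xf6", "0xcp", 11, 75.0),   # not mined yet
    OffchainFill("o6", "0x99", "0xcp", 8, 250.0),   # second fill reusing nonce 8
]
SAMPLE_RECEIPTS = [
    OnchainReceipt("0xa1", "0xcp", 7, 1, 100),
    OnchainReceipt("0xb2", "0xcp", 8, 0, 101),
    OnchainReceipt("0xd4", "0xcp", 9, 1, 102),
    OnchainReceipt("0xe5", "0xcp", 10, 1, 115),
]
HEAD_BLOCK = 120

if __name__ == "__main__":
    states = reconcile(SAMPLE_FILLS, SAMPLE_RECEIPTS, HEAD_BLOCK)
    for order_id, state in states.items():
        print(order_id, state.value)
    print("duplicate nonces:", duplicate_nonces(SAMPLE_FILLS))
    print("bookable size:", settled_size(SAMPLE_FILLS, states))
    print("phantom size:", phantom_size(SAMPLE_FILLS, states))
```

The design point is that the offchain confirmation is treated as a hint, never as the source of truth for inventory or hedging: only `SETTLED` fills move the book, and a non-zero phantom size or any duplicated (sender, nonce) pair in the feed is a signal to pause quoting and investigate, which is the automated form of the advice above.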