Contract audit passed, but the thermometer is missing: The "physical vulnerability" of Polymarket is always present.
Original author: Sanqing, Foresight News
According to French media Le Monde, on April 6 and 15, weather sensors at Paris Charles de Gaulle Airport showed two successive anomalies. In both cases, temperatures rose by more than 3°C within a few minutes, then dropped back, as if nothing had happened. Behind each anomaly, someone had already placed bets in advance on the corresponding low-probability temperature range on Polymarket. In total, from an initial principal of tens of dollars, the two rounds netted about $34,000. The account that placed the first bet was created only two days before the anomaly occurred.
Météo-France subsequently conducted a physical inspection of the sensors and found signs of human interference. It filed criminal charges with the gendarmerie at Charles de Gaulle Airport, with the charge of “interfering with automated data processing systems.” According to an analysis of posts on the AR15 forum, under Article 323-2 of the French Criminal Code, and because Météo-France is a public institution, the related charges could carry a maximum of 7 years in prison and a €300,000 fine.
This scam has about zero technical sophistication
In Polymarket’s Paris temperature market, the settlement chain works like this: physical sensors → Météo-France → Weather Underground → Polymarket contract.
Along this chain, the smart contract portion has been audited, data transmission is automated, and Weather Underground’s scraping is real-time. The only soft spot is right at the very beginning: a thermometer placed by the roadside near the airport, with no barriers and no cameras, where anyone can simply walk up to it.
The only tool the attacker needs is a battery-powered hair dryer.
Polymarket’s market settles on the day’s highest temperature, which means a single brief temperature spike is enough to rewrite that day’s official record.
It’s more ideal to carry out the operation in the evening or at night. During the day, the highest temperature has usually already passed, so subsequent readings are more likely to become new records. Therefore, the suspect chose 7:00 PM on April 6 and 9:30 PM on April 15.
The operation process is roughly: buy a low-probability option in advance, walk to the sensor at night, turn on the hair dryer, wait for the reading to pass through the target temperature, pull away and leave, then wait for on-chain settlement.
There is no technical sophistication whatsoever in the entire operation—only a bit of understanding of the settlement mechanism, and a pair of legs willing to walk right to the edge of the airport.
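Because settlement takes the raw daily maximum, one transient reading decides the outcome. The Python below is an added example, not code from the article, Polymarket or Météo-France: it flags readings that sit more than 3°C above the median of their neighbours and compares the raw maximum with one that excludes them. The readings, thresholds and function names are constructed assumptions.

```python
from statistics import median

WINDOW_MIN = 30      # assumed: compare with readings within +/- 30 minutes
MAX_EXCESS_C = 3.0   # assumed threshold, mirrors the >3 °C jumps reported
MIN_NEIGHBOURS = 4   # assumed: with fewer neighbours, give no verdict

# Constructed sample: one reading every 10 minutes from 17:00 (minute 1020)
# to 20:00, cooling steadily, with a two-sample burst around 19:00.
TEMPS = [15.1, 15.0, 14.8, 14.6, 14.5, 14.3, 14.2, 14.0, 13.9, 13.9,
         13.8, 13.7, 17.2, 16.8, 13.6, 13.5, 13.4, 13.3, 13.2]
SAMPLE = [(1020 + 10 * i, t) for i, t in enumerate(TEMPS)]


def flag_transients(readings):
    """Indices of readings more than MAX_EXCESS_C above the local median."""
    flagged = []
    for i, (t_i, temp_i) in enumerate(readings):
        neighbours = [temp for j, (t_j, temp) in enumerate(readings)
                      if j != i and abs(t_j - t_i) <= WINDOW_MIN]
        if len(neighbours) < MIN_NEIGHBOURS:
            continue  # series edge or data gap: not enough context to judge
        if temp_i - median(neighbours) > MAX_EXCESS_C:
            flagged.append(i)
    return flagged


def daily_max(readings, exclude=()):
    """Maximum temperature, ignoring the indices listed in exclude."""
    skip = set(exclude)
    return max(temp for i, (_, temp) in enumerate(readings) if i not in skip)


def settlement_report(readings):
    """Compare the raw daily maximum with one that drops flagged samples."""
    flagged = flag_transients(readings)
    return {
        "raw_max": daily_max(readings),
        "filtered_max": daily_max(readings, flagged),
        "flagged_minutes": [readings[i][0] for i in flagged],
        "needs_review": bool(flagged),
    }


if __name__ == "__main__":
    print(settlement_report(SAMPLE))
```

A sustained change in temperature shifts the local median with it and is not flagged, so the check isolates short bursts that fall back to the previous level.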
Polymarket’s handling: quietly swapped out the thermometer
Polymarket has not issued any official statement about the matter. The only thing it did was change the data source for settlement of the Paris temperature market—from Charles de Gaulle Airport (LFPG) to Le Bourget Airport (LFPB).
The profits of the two accounts were not reversed, and the market settled normally according to the on-chain records.
The sensors at Le Bourget Airport are also placed out in the open and likewise have no physical protection. They swapped an address, and the problem remained exactly the same.
This is not the first time Polymarket has faced controversy. In October 2024, a French trader was accused of manipulating Trump election odds using 4 related accounts, reportedly netting $85 million in profit. In March 2025, a “whale” used 5,000,000 tokens to force a UMA governance vote, causing a controversial market to close with a “Yes,” involving $7 million. In January and March 2026, there were abnormal bets in markets related to Venezuela and Iran; the latter has been brought to the attention of the U.S. Congress, and so on.
In previous cases, at least several million dollars in capital or governance tokens were still needed. This time, the cost was just a hair dryer.
The contract audit is done, and the thermometer is the issue
This story has a kind of absurd humor to it. A prediction market running on a blockchain, touting decentralization and immutability as its selling points, was humiliated twice by a battery-powered hair dryer. Cryptography played no part, because it never verifies whether the input data is real.
Polymarket currently has 173 active weather markets. For most of these markets, the settlement basis is some physical sensor in a particular location.
When a sensor is used as a meteorological instrument, its credibility comes from the fact that no one has a motive to tamper with it. Polymarket gave it a new incentive structure, but it did not give it any new physical protection.
The thermometer at Météo-France does its job and records the temperature it senses. It just doesn’t know that it has already become a financial settlement terminal.