Recently, an incident that occurred in the weather prediction market of Polymer Market is quite interesting. There was an attack that stole $34,000 with just a hairdryer, but this is not just simple fraud; it exposes a structural vulnerability in the entire prediction market.

The origin of the incident dates back to April. A weather sensor installed at Charles de Gaulle Airport in Paris recorded a sudden 4-degree Celsius increase in temperature within just 12 minutes. Subsequently, the same phenomenon reoccurred nine days later. In both cases, a specific temperature range was hit in the "Paris Highest Temperature" market on Polymer Market. Through two calculated manipulations, $34,000 flowed into an anonymous account that was opened just 48 hours earlier.

French meteorologists quickly noticed something was abnormal. The other nearby observation stations did not show the same fluctuation, nor were there changes in wind or humidity. The conclusion was clear: someone placed a heating device near the sensor. Later, the French meteorological agency discovered physical tampering traces and officially filed criminal charges.

What’s important here is that this attack was not due to vulnerabilities in smart contracts or blockchain issues, but rather a flaw in the rules themselves. Polymer Market’s weather markets rely entirely on a single sensor data. There is no verification from multiple locations, no abnormal value filtering. The rules do not consider data correction after settlement, so once contaminated data is finalized, it’s game over.

Some call this a "physical oracle attack." Unlike traditional digital oracle attacks, it bypasses on-chain logic and directly influences real-world metal probes. The cost is about 30 euros for a hairdryer, and the return can be tens of thousands of dollars. This extreme cost-performance gap, even if not called meme contamination, fundamentally shakes the market’s trustworthiness.

After the incident, Polymer Market did not issue an official statement but simply changed the data source from Charles de Gaulle Airport to Orly Airport. They also did not refund the $34,000 already paid. Instead of admitting the flaw, swapping the probe was easier.

This suggests that designing prediction markets is truly difficult. Eliminating single points of failure, managing physical access, ensuring flexibility in settlement mechanisms—these are all necessary but not implemented. If there were a market where the temperature could spike from 0.1% to 95%, someone would definitely try to exploit it. If the rules are lax, a hairdryer is enough.