Allegations circulating among Polymarket traders this week have drawn attention to a deeper structural issue facing hybrid prediction exchanges: how tightly off-chain order matching systems are integrated with on-chain settlement guarantees.
Several users on X claim that bad actors may be exploiting a timing gap between Polymarket’s API-based central limit order book (CLOB) and its final settlement layer on Polygon. If accurate, the behavior would represent not simply a technical bug, but a stress test of hybrid exchange architecture.
An X user known as “SKi” alleged that “Bad actors are currently exploiting a race condition vulnerability between the Polymarket API & the blockchain to commit a DoS attack against competing LPs.” In a separate post, another trader claimed that “Polymarket just officially confirmed a technical exploit…” and posted this Polymarket disclaimer in their market rules section:
Polymarket did not respond to DeFi Rate’s request for comment at the time of publication and has not released a formal public technical explanation addressing the specific claims.
Bad actors are currently exploiting a race condition vulnerability between the @Polymarket API & the blockchain to commit a DoS attack against competing LPs
— SKi🦉 (@TheNotoriousSKi) February 23, 2026
This method allows for the rapid removal of orders from the book with each cycle requiring ~50s & less than 1 MATIC to run pic.twitter.com/PaEI8hZtwj
Alleged race condition between matching and settlement
The core allegation centers on what traders describe as a “race condition” between off-chain order matching and on-chain settlement. Polymarket uses an off-chain matching engine to provide low-latency trading and tighter spreads, with final settlement occurring on Polygon. According to traders outlining the issue, attackers are allegedly submitting orders through the API and then transferring USDC out of the associated wallet before the on-chain settlement transaction finalizes.
By increasing the gas fee on the outgoing transfer, the wallet balance may be reduced before the match orders transaction executes on-chain. If settlement then attempts to clear against insufficient funds, the transaction reverts.
Traders claim that when this occurs, maker liquidity may be removed from the book without a completed trade, effectively disrupting competing liquidity providers. The reported cost per cycle is low, in some cases described as under 1 MATIC, and the process can allegedly be repeated across multiple wallets.
If functioning as described, the mechanism would resemble a denial-of-service-style pressure targeting liquidity providers rather than a direct protocol exploit.
Claims of distorted price discovery
Separate posts from traders allege that bots are monitoring off-chain match activity and canceling exposure prior to blockchain finality, allowing them to avoid execution while influencing displayed probabilities.
In one derivative market, odds reportedly moved from approximately 0.6% to near 30% in a short period. Some participants attributed the move to repeated failed matches and order book disruption, though no formal forensic breakdown has been released.
Other traders reported receiving fills that later failed to settle, creating uncertainty around execution reliability. Another user questioned whether a recent hotfix had unintentionally worsened liquidity conditions, suggesting a previously implemented 500-millisecond order delay had been removed without resolving the exploit.
Without a formal technical explanation from Polymarket, it remains unclear whether the behavior reflects a design vulnerability, a temporary bug, or a misunderstanding of order processing mechanics. But the episode highlights structural tensions embedded in hybrid exchange models.
POLYMARKET JUST OFFICIALLY CONFIRMED A TECHNICAL EXPLOIT 🚨
— Lirratø (@itslirrato) February 21, 2026
They had to add a clarification today after someone used it to artificially pump derivative market odds from 0.6% to 30% (+5,000%)
How? The bot is frontrunning the matching engine
When you try to buy, the bot detects… pic.twitter.com/f0ps4sBWPs
Hybrid architecture and asynchronous settlement risk
At the center of the controversy is a common crypto market design choice: pairing off-chain order matching with on-chain settlement.
Hybrid CLOB systems offer significant advantages. Off-chain matching reduces latency, lowers transaction costs, and allows exchanges to compete on spread tightness and capital efficiency. Final settlement on-chain provides transparency and cryptographic finality.
However, separating matching from settlement introduces a timing gap. Between the moment an order is matched off-chain and the moment it achieves blockchain finality, account balances can change and transactions can reorder. That window — often measured in seconds — creates asynchronous execution risk.
In traditional financial markets, matching and clearing are tightly integrated within centralized systems backed by margin requirements and clearinghouses. Once a trade executes, settlement guarantees are embedded in the structure of the exchange itself.
In hybrid crypto exchanges, settlement depends on blockchain inclusion and wallet solvency at the time of execution. If balances shift between match confirmation and on-chain finality, settlement can fail.
If the alleged behavior on Polymarket operates as described, it would exploit precisely that asynchronous window. By triggering off-chain matches and altering balances before finalization, an attacker could cause settlement reverts that clear liquidity without executing trades.
The broader issue is not unique to Polymarket. It reflects a structural tradeoff: speed and capital efficiency versus atomic settlement guarantees.
Liquidity provider confidence and market integrity
Prediction markets rely on tight spreads and reliable execution to function as effective probability engines. Liquidity providers anchor displayed probabilities. If they cannot rely on matched trades clearing, spreads may widen and resting size may decline.
At scale, execution uncertainty can degrade price discovery quality — even if headline volumes remain high.
As prediction markets continue to post multi-billion-dollar weekly volumes, microstructure resilience becomes increasingly important. Volume growth attracts not only capital, but adversarial behavior. Exchange architecture that is robust under retail conditions may face new stress scenarios under larger flows and automated strategies.
Whether the current allegations prove accurate or not, the episode underscores an emerging question for the sector: how should hybrid prediction exchanges design settlement guarantees in environments where blockchain finality is probabilistic and asynchronous?
Until Polymarket provides technical clarification or mitigation details, traders and liquidity providers are left assessing execution risk in real time.
