Someone allegedly used a hairdryer to rig Polymarket weather bets

A rogue trader allegedly exploited Polymarket's weather betting platform by using a hairdryer to manipulate temperature sensors, highlighting vulnerabilities in the decentralized oracle system's reliance on external temperature feeds. The hack, which reportedly netted the perpetrator a significant profit, underscores the need for more robust security measures in decentralized finance (DeFi) applications. The incident raises questions about the integrity of temperature data in DeFi markets. AI-assisted, human-reviewed.

A hairdryer was allegedly used to rig Polymarket weather bets tied to temperature readings at Charles de Gaulle airport in Paris, netting an unknown user around $34,000. The incident highlights a fundamental security gap in decentralized finance (DeFi) platforms that rely on external data feeds.

Overview

Polymarket, a decentralized prediction market platform, allows users to bet on real-world outcomes including weather conditions. The platform relies on temperature sensors from Météo-France, France's official weather agency. According to a report by The Telegraph, the temperature sensor at Charles de Gaulle airport is located on a public road, making it physically accessible.

On two occasions in the past month, official temperature readings at the airport spiked to levels much higher than expected. The operating theory is that someone used a battery-powered hairdryer to blow hot air directly onto the sensor, artificially raising the recorded temperature. The Polymarket page indicated less than a one percent chance of the airport exceeding a particular temperature. Successful bets on these fluctuations netted an unknown user around $34,000.

What happened

French authorities noted the temperature spikes. Météo-France filed a complaint for alteration of the operation of an automated data processing system with the Air Transport Gendarmerie Brigade of Roissy. A spokesperson for Météo-France confirmed: "In view of physical findings on one of our instruments and the analysis of sensor data, Météo-France was indeed led to file a complaint."

The temperature sensor has since been moved to a new location. There is no indication that Polymarket forced anyone to return their winnings. The site is still running bets on the daily temperature in and around Paris.

Tradeoffs

The incident exposes a structural vulnerability in DeFi prediction markets: oracles — the systems that feed real-world data onto blockchains — are only as trustworthy as their physical sensors. When a sensor is unguarded and accessible, and there is financial incentive to manipulate it, the system can be gamed.

Polymarket hosts numerous bets on sensitive topics including the outcome of wars, whether countries will receive nuclear weapons, and potential prison sentences. The hairdryer attack raises the question of what happens when someone uses something more dangerous than a hairdryer to change the outcome of something for financial gain.

Bottom line

Prediction markets that settle on single, physically accessible sensors are inherently vulnerable to manipulation. Moving the sensor to a secure location addresses this specific incident, but the broader lesson is that DeFi platforms need to consider physical security of their data sources — not just cryptographic security of their smart contracts.
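The single-sensor weakness described above can be checked for at settlement time. The following is an added example, not code from Polymarket or Météo-France: it compares a settlement sensor against peer stations and resolves a "daily maximum exceeds threshold" market both ways. Station names, readings, the 2.0 °C tolerance and the 21.0 °C threshold are all constructed assumptions.

```python
from statistics import median

# Constructed sample: six consecutive readings (deg C) from four stations.
# Names and values are illustrative assumptions, not real weather data.
READINGS = {
    "station_A": [17.8, 18.1, 18.4, 22.9, 18.3, 18.0],  # settlement sensor, one spike
    "station_B": [17.5, 17.9, 18.2, 18.3, 18.1, 17.8],
    "station_C": [18.0, 18.3, 18.6, 18.7, 18.5, 18.2],
    "station_D": [17.6, 18.0, 18.3, 18.5, 18.2, 17.9],
}


def flag_outliers(readings, target, max_dev=2.0):
    """Indexes where `target` deviates from the median of its peers by > max_dev."""
    peers = [series for name, series in readings.items() if name != target]
    flagged = []
    for i, value in enumerate(readings[target]):
        peer_median = median(series[i] for series in peers)
        if abs(value - peer_median) > max_dev:
            flagged.append(i)
    return flagged


def daily_max_consensus(readings):
    """Daily maximum of the per-sample median across all stations."""
    samples = len(next(iter(readings.values())))
    return max(
        median(series[i] for series in readings.values()) for i in range(samples)
    )


def settle(readings, target, threshold, max_dev=2.0):
    """Resolve 'daily max > threshold' from one sensor and from the consensus."""
    single = max(readings[target]) > threshold
    consensus = daily_max_consensus(readings) > threshold
    flagged = flag_outliers(readings, target, max_dev)
    return {
        "single_sensor": single,      # what a one-sensor oracle would report
        "consensus": consensus,       # what a multi-station median would report
        "flagged_samples": flagged,   # samples the peers contradict
        # Hold settlement for manual review when the two outcomes disagree
        # and the disagreement is explained by flagged samples.
        "needs_review": bool(flagged) and single != consensus,
    }


if __name__ == "__main__":
    print(settle(READINGS, "station_A", threshold=21.0))
```

A median across stations only helps if the peer stations are independent of the settlement sensor; several sensors sharing one accessible site would move together.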
