Author: Fairy, ChainCatcher
Editor: TB, ChainCatcher
Last night, community users reported that the “wildest” governance attack in recent times had occurred on Polymarket. A large UMA user used his last-minute voting weight to manipulate the oracle in a market that was about to lose money, causing the market to settle according to a result that did not happen in reality, and successfully turned the tables and made a profit.
When the rules of gambling become “change the answer if you can’t afford to lose”, is this still a fair market?
A blatant "casino cheating"
The prediction market question involved in this incident was: "Will Ukraine agree to sign a mineral deal with Trump by April?"
As of market settlement, there had been no official announcement or decision confirming that a deal had been reached. On March 25, Trump said he expected to sign the U.S.-Ukraine minerals agreement “soon,” but in reality, the deal had neither been formally signed nor announced.
However, Polymarket still ultimately ruled that the result was YES.
Image source: Polymarket
How was the Polymarket governance attack accomplished?
According to community users @Web3Marmot and @hermansen_folke, Polymarket's governance attack was mainly achieved through UMA oracle voting manipulation.
Polymarket relies on UMA’s decentralized oracles to verify results. UMA has its own arbitration system to resolve disputes, and the arbitrators are real people - participants in the UMA ecosystem, specifically UMA token holders. This system is called DVM (Data Verification Mechanism).
However, the decision-making power of the UMA oracle is concentrated in the hands of a very small number of "whales" who hold a large number of UMA tokens. According to community analysis, only two large holders control more than 50% of the voting rights. They are not only voters, but also players on Polymarket.
According to @hermansen_folke's analysis, UMA is a neutral oracle in theory, but in reality it tends to "follow the crowd". In the UMA oracle, voters need to pledge tokens to vote, and if the vote is different from the majority's choice, these tokens will be lost. This means that voters do not necessarily choose the real result, but tend to follow those big players who hold a large number of tokens and have historically made huge profits.
In addition, to propose a market resolution of "yes" or "no", a deposit (usually $750 USDC) must be paid, and the same amount is required to raise an objection. If the vote is not in favor of the challenger, they will lose this deposit, and even if they are correct, the final reward is very small. This mechanism leads to a serious asymmetry: whales with large stakes and UMA votes can easily pay the deposit and influence the market decision, while ordinary users dare not challenge for fear of losing funds.
In this incident, a large holder of UMA tokens manipulated the vote to tilt the result in his favor when the market was about to settle.
As can be seen from the figure below, this large account cast 5 million tokens through three accounts, accounting for 25% of the total votes.
Image source: betmoar.fun
Official response: Acknowledge the dispute but refuse to refund
Polymarket officials released an announcement on Discord after the incident, admitting that the ruling on the Ukrainian rare earth market deviated from user expectations and official clarification information, but since this was not a market system failure, the platform could not provide a refund.
Polymarket said that they have started urgent discussions with the UMA team and promised to strengthen system monitoring and improve rules to prevent similar situations from happening again. In the future, the ruling mechanism will be further optimized to ensure clearer rules and more transparent and timely clarification processes, and more details will be announced later.
The oracle was supposed to be an impartial referee, but it ultimately became a tool for capital manipulation.
Although Polymarket officials admitted that the ruling did not meet users’ expectations, they refused to refund the money. This decision not only caused the affected users to suffer losses, but also brought the trust of the entire market to a freezing point.
When ordinary players find that even if they bet on the right direction, they can't beat the big players who can change their fate with a single click, who can continue to be a lamb to be slaughtered in this manipulated game?
