One hairdryer, one unattended weather sensor, two meticulously calculated operations.
On April 6, 2026, and April 15, the Météo-France weather probe at Paris Charles de Gaulle Airport was heated with a portable heating device, causing the temperature readings to soar abnormally in a short amount of time. The actual temperature at Charles de Gaulle Airport did not experience such fluctuations, but the prediction market on Polymarket settled as usual for "Paris Daily High Temperature." Two incidents took place, with a total of $34,000 in winnings transferred from the platform to an anonymous account opened just two days before the incident.
This was not a typical crypto attack. It did not exploit any smart contract vulnerabilities or target any decentralized governance process. The only tool used in the attack was a hairdryer.
How Did a Probe Falsely Inflate the Temperature by 4°C in 12 Minutes and Deceive a Global Prediction Market?
Between 6:30 and 6:42 on April 6, the temperature reading at the Charles de Gaulle Airport weather station rose by 4°C in 12 minutes, peaking at 22.5°C, then rapidly fell back within 5 minutes. The real temperature in Paris did not experience such a drastic fluctuation that day, and nearby weather stations did not record any similar anomalies.
The weather station (code: LFPG) is located at the edge of the runway at Charles de Gaulle Airport, near a public area next to the highway. The relative openness of its physical location provided the opportunity for the perpetrator to approach the sensor and physically intervene.
This brief "heatwave" coincidentally hit the "21°C" option on Polymarket, a result that had previously garnered little attention, and settled as Yes after the platform accepted the anomalous data as the daily high temperature. An account behind the scenes walked away with approximately $14,000.
9 days later, around 9:30 on April 15, under almost identical circumstances, a cloudy, windless night, the temperature reading at Charles de Gaulle Airport mysteriously rose to 22°C. The probability of the "22°C" option on Polymarket surged from 0.1% to 95% in just 30 minutes. The second reward exceeded $20,000, and still flowed into the same account.
Paul Marquis, founder of the French E-Meteo Service and meteorologist, provided a nearly irrefutable technical assessment: "At that time, there were no changes in wind direction and relative humidity, and no anomalies were recorded at other nearby weather stations. Physical intervention is the most reasonable explanation, such as placing a heating device near the sensor probe."
The French National Meteorological Service (Météo-France) subsequently conducted a physical inspection of the sensor, discovered evidence of tampering, and officially filed criminal charges against the Rouvax Air Transport Gendarmerie. The charge is "disruption of the operation of an automated data processing system." Under French law, this charge carries a maximum sentence of 7 years' imprisonment and a €300,000 fine.
The profile of the implicated account also raises suspicions. It was created on April 4, 2026, just 48 hours before the first offense. The initial funding was only a few dollars transferred through a cryptocurrency exchange. It almost exclusively participated in markets like "Paris Weather" and specifically bought options with very low probabilities of "high temperature." After two successful attempts, the funds were quickly transferred through a coin mixer and decentralized exchanges, significantly increasing the difficulty of on-chain tracing.
On one side is a commonly used household hairdryer that costs less than €30, and on the other side is a global climate prediction market with a daily trading volume exceeding $2 million, showcasing an extreme imbalance between the cost of the attack and the benefits gained.
The anomalous data was initially discovered by French local weather enthusiasts on the Infoclimat forum. The event was then spread through the crypto community to the English-speaking world, with subsequent coverage by French newspapers Le Monde and Le Figaro, as well as BFMTV. Polymarket has not issued any public statements on the matter and has not rescinded the $34,000 prize already paid.
A Rule Gap: What entitles a six-figure prize to a single sensor reading?
In this event, the true protagonist, rather than the hairdryer, is the settlement rule set of the Polymarket weather market.
Polymarket's weather markets have seen rapid growth in recent years, with the number of active markets now reaching 173, covering temperature, precipitation, hurricanes, tornadoes, earthquakes, volcanoes, and even pandemics. Among these, the "Paris Daily High Temperature" market employs a straightforward settlement mechanism, with data sourced from a specific weather station hosted on the Wunderground website.
Prior to this event, this station was the Charles de Gaulle Airport weather station (code LFPG), providing temperature readings accurate to the nearest degree Celsius. Most crucially, the market settles immediately upon the finalization of the data, with "no consideration for any subsequent data revisions."
This last point means that even if the French meteorological service later identifies data anomalies and revises historical records, Polymarket will still pay out winnings based on the contaminated original readings. The rules are clearly stated and strictly enforced.
The vulnerability is clearly manifested in three aspects:
The first is a single point of failure. The settlement of the entire six-figure prize pool relies entirely on the reading of a sensor. Polymarket did not design a multi-site weighting, redundant comparison, or outlier circuit breaker mechanism. The so-called "data source" is the metal probe next to the runway at Charles de Gaulle Airport.
The second is physical accessibility. The weather station at Charles de Gaulle Airport is located near the edge of the runway, close to a public area next to the highway, where any ordinary person can walk to the probe within a few meters. This geographical detail has lowered the threshold for "physical intervention" from a theoretical possibility to an almost zero-cost real-world operation.
The third is the rigidity of the settlement mechanism. Post-event revisions are invalid, meaning that once an attack is completed, there is no possibility of "reversal." The rules ensure the certainty of settlement on the one hand, and also ensure that manipulation, once successful, cannot be reversed.
Fibo Crypto analyst Victor has given this type of tactic a name that is quite aesthetically pleasing in terms of technology: "physical oracle attack." Unlike the "digital oracle attacks" in the past that targeted UMA governance votes or manipulated oracle results through large-scale token voting, the physical oracle attack bypassed the logic of the entire chain and directly targeted the first kilometer of the data pipeline—the real-world metal probe.
On April 17, two days after the incident was exposed, Polymarket quietly made a rule change, switching the settlement data source for the Paris weather market from Charles de Gaulle Airport (LFPG) to Paris-Le Bourget Airport (LFPB). The switch was not accompanied by any official announcement, no public technical explanation, and no response to the two manipulations that had already occurred.
It's much easier to change a probe than to publicly acknowledge a vulnerability. The Polymarket weather market was initially designed as a mirror, reflecting the collective judgment of the market on the future. However, when the image in the mirror is valuable enough, the odds are steep enough, and the probe is easily accessible, there will always be someone walking by with a €30 hairdryer, blowing in the result they want.
