Someone allegedly used a hairdryer to rig Polymarket weather bets
A hairdryer was allegedly used to rig Polymarket weather bets at Charles de Gaulle airport in Paris, netting an unknown user around $34,000. The incident highlights a fundamental security gap in decentralized finance (DeFi) platforms that rely on external data feeds. ## Overview Polymarket, a decentralized prediction market platform, allows users to bet on real-world outcomes including weather conditions. The platform relies on temperature sensors from Météo-France, France's official weather agency. According to a report by The Telegraph, the temperature sensor at Charles de Gaulle airport is located on a public road, making it physically accessible. On two occasions in the past month, official temperature readings at the airport spiked to levels much higher than expected. The operating theory is that someone used a battery-powered hairdryer to blow hot air directly onto the sensor, artificially raising the recorded temperature. The Polymarket page indicated less than a one percent chance of the airport exceeding a particular temperature. Successful bets on these fluctuations netted an unknown user around $34,000. ## What happened French authorities noted the temperature spikes. Météo-France filed a complaint for alteration of the operation of an automated data processing system with the Air Transport Gendarmerie Brigade of Roissy. A spokesperson for Météo-France confirmed: "In view of physical findings on one of our instruments and the analysis of sensor data, Météo-France was indeed led to file a complaint." The temperature sensor has since been moved to a new location. There is no indication that Polymarket forced anyone to return their winnings. The site is still running bets on the daily temperature in and around Paris. ## Tradeoffs The incident exposes a structural vulnerability in DeFi prediction markets: oracles — the systems that feed real-world data onto blockchains — are only as trustworthy as their physical sensors. When a sensor is unguarded and accessible, and there is financial incentive to manipulate it, the system can be gamed. Polymarket hosts numerous bets on sensitive topics including the outcome of wars, whether countries will receive nuclear weapons, and potential prison sentences. The hairdryer attack raises the question of what happens when someone uses something more dangerous than a hairdryer to change the outcome of something for financial gain. ## Bottom line Prediction markets that settle on single, physically accessible sensors are inherently vulnerable to manipulation. Moving the sensor to a secure location addresses this specific incident, but the broader lesson is that DeFi platforms need to consider physical security of their data sources — not just cryptographic security of their smart contracts. AI-assisted, human-reviewed
