Polymarket: Multiple “Ghost-Fill” Account Clusters Identified and Banned, With Ban Mechanisms to Be Strengthened
Polymarket has been moving fast in 2026 to harden its trading stack: improving order reliability under heavy traffic, reducing abuse patterns that distort the order book, and cleaning up edge cases that can break user trust in an onchain prediction market.
In its latest progress update shared on May 10, 2026, the team outlined several concrete changes: new protections against latency-driven spam that interferes with placing and canceling orders, fixes for a common “insufficient balance / insufficient allowance” error, and an upcoming patch for another core bug affecting limit buy orders expected within the next few days. Alongside performance work, Polymarket also stated it has identified and banned multiple “ghost-fill” account clusters, and that its newer deposit wallet onboarding flow is designed to make repeated mass account creation much harder going forward.
Below is what these updates mean in practice—and why they matter to anyone trading crypto-native event markets.
Why trading reliability is a “security” issue in onchain markets
In traditional exchanges, “performance” and “security” are often treated as separate tracks. In onchain finance, they’re tightly connected:
- If order placement and cancellation are unreliable during volatility, market makers widen spreads and retail traders experience slippage.
- If abusive actors can cheaply flood endpoints with requests, they can degrade the experience for everyone else (a fairness problem, not just a scaling problem).
- If the UI or API reports fills that later don’t settle cleanly, the platform’s credibility takes a direct hit—especially for algorithmic traders who depend on deterministic execution.
Polymarket’s architecture sits at this exact intersection: a fast central limit order book (CLOB) experience with onchain assets and settlement mechanics. When that hybrid system is stressed, “minor” bugs can create major second-order effects.
For context on recent infrastructure changes, Polymarket’s public status history shows multiple CLOB-related incidents and maintenance windows around its 2026 rollout cycle, including deposit wallet deployment and latency investigations. You can track these timelines in Polymarket’s official status notice history.
Update 1: Mitigating latency spam so orders and cancels stay usable
One of the most trader-visible changes in the May 10 update is a mitigation aimed at latency spam—a pattern where automated clients send bursts of low-value requests (or strategically timed bursts) that overload shared infrastructure and increase response times for everyone.
Even if an attacker isn’t “breaking in,” they can still cause harm by making the venue feel inconsistent: cancels arrive late, order acknowledgements lag, and market participants lose confidence in displayed liquidity.
This direction aligns with what Polymarket has previously documented about rate limits and throttling for CLOB endpoints (an explicit acknowledgment that API fairness is part of market integrity). See Polymarket’s CLOB API changelog notes on rate limits.
Why it matters to users (especially bot traders):
- Cancel reliability is a core component of risk control. If you can’t reliably cancel during fast repricing, you’re forced to quote wider or stop quoting entirely.
- Latency variance is often worse than raw latency. Predictable execution lets traders design safer strategies.
Update 2: Fixing the “insufficient balance / insufficient allowance” failure mode
Polymarket also reported a fix for a recurring error that surfaced as “insufficient balance” or “insufficient allowance / authorization.” While the message looks simple, it often reflects more nuanced realities of smart-contract based trading:
- Your wallet may have funds, but the trading path expects them to sit in a specific wallet address (for example, a per-user contract wallet).
- Your wallet may have funds, but the token allowance to the relevant contract is missing or outdated.
- Your offchain state (what the API thinks you can trade) can temporarily diverge from onchain state (what you can actually settle).
This is especially relevant now that Polymarket is expanding the deposit wallet flow for new users and API integrators. In Polymarket’s own documentation, deposit wallets are described as per-user proxy wallets that hold collateral and positions onchain, with orders validated via ERC-1271 contract signature verification. See Polymarket’s deposit wallet documentation.
For the underlying signature standard, see the canonical spec: ERC-1271 standard signature validation method.
Practical takeaway: if you trade via contract-wallet patterns, allowances and “which address is the actual trader” become first-class concerns—not afterthoughts.
Update 3: A remaining limit-buy bug is still being patched
Polymarket noted that another core issue affecting limit buy orders is expected to be fixed in the coming days. That’s a reminder of a broader truth about high-throughput crypto apps in 2025–2026: once you build for scale (more markets, more API users, more automation), market microstructure bugs can emerge in unexpected corners.
If you’re an active trader, it’s worth keeping an eye on:
- order acknowledgements vs. final settlement state
- partial fills and how they’re reported in your activity log
- whether cancellations are reflected consistently across UI, API, and onchain events
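One way to watch the first two items is to reconcile what the venue reported against what actually settled. The sketch below is an added example, not Polymarket code: the `Fill` and `Settlement` records, their fields, and the status labels are hypothetical, and the sample data is constructed.

```python
from dataclasses import dataclass
from decimal import Decimal

@dataclass(frozen=True)
class Fill:            # hypothetical record: what the venue/API reported
    order_id: str
    size: Decimal

@dataclass(frozen=True)
class Settlement:      # hypothetical record: decoded from an onchain event
    order_id: str
    size: Decimal
    confirmed: bool    # False while the transaction is pending or reverted

def _total(rows):
    """Sum sizes per order so partial fills are compared in aggregate."""
    totals = {}
    for row in rows:
        totals[row.order_id] = totals.get(row.order_id, Decimal(0)) + row.size
    return totals

def reconcile(reported, settled, tolerance=Decimal("0")):
    """Return {order_id: (reported, settled, status)} for every mismatch."""
    rep = _total(reported)
    chain = _total(s for s in settled if s.confirmed)
    issues = {}
    for oid in sorted(rep.keys() | chain.keys()):
        r, c = rep.get(oid, Decimal(0)), chain.get(oid, Decimal(0))
        if abs(r - c) <= tolerance:
            continue
        if c == 0:
            status = "reported_not_settled"   # inventory you do not actually hold
        elif r == 0:
            status = "settled_not_reported"   # position your books are missing
        elif c < r:
            status = "under_settled"
        else:
            status = "over_settled"
        issues[oid] = (r, c, status)
    return issues

# Constructed sample data (not real orders or transactions).
SAMPLE_REPORTED = [Fill("A", Decimal("10")), Fill("A", Decimal("5")),
                   Fill("B", Decimal("20")), Fill("C", Decimal("8"))]
SAMPLE_SETTLED = [Settlement("A", Decimal("15"), True),
                  Settlement("B", Decimal("20"), False),
                  Settlement("C", Decimal("5"), True),
                  Settlement("D", Decimal("3"), True)]

if __name__ == "__main__":
    for oid, (r, c, status) in reconcile(SAMPLE_REPORTED, SAMPLE_SETTLED).items():
        print(oid, r, c, status)
```

Order A is clean because its two partial fills sum to the settled amount. Order B is the case a strategy must not book as inventory, since the only matching settlement is unconfirmed.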
Enforcement: Ghost-fill clusters banned, and the deposit wallet system raises the cost of repeat abuse
The most pointed enforcement line in the May 10 update is Polymarket’s claim that it has identified and banned multiple ghost-fill account clusters, with those accounts reportedly created before the deposit wallet system went live.
While “ghost-fill” can be discussed in different ways by the community, the high-level user impact is consistent: a trade appears to fill (or is treated as filled by one side) but the expected onchain outcome does not match that experience, leading to confusion, incorrect inventory assumptions, or failed strategy accounting.
Media coverage around Polymarket’s V2 transition has discussed ghost fills as a major reliability issue and framed deposit wallets as part of the platform’s long-term mitigation path. See the coverage on deposit wallets and ghost fills.
Separately, Polymarket’s deposit wallet implementation is explicitly described as an ERC-1967 proxy-based per-user wallet design. See the OpenZeppelin reference on ERC-1967 proxy patterns.
Why deposit wallets can help from an anti-abuse perspective:
- They provide a more structured onboarding and wallet creation flow for new accounts.
- They can make it harder for bad actors to rapidly spin up large numbers of fresh accounts that behave like disposable identities.
- They create clearer boundaries between “owner keys,” “session signers,” and “the wallet that actually trades,” which can improve monitoring and enforcement.
What traders should do now: a simple safety and execution checklist
If you trade prediction markets with real size—or run automation—these steps reduce both execution risk and wallet risk:
- Treat approvals as part of your threat model. If you approve token spending, that permission can persist long after you forget about it. Use a conservative allowance policy and periodically review approvals. See the Ethereum.org guide to revoking token access.
- Separate “trading funds” from “savings funds.” Even if a platform improves enforcement, active trading requires frequent signatures and approvals. Keeping only what you need in a trading wallet limits blast radius.
- Expect platform updates during major migrations. If you rely on bots, build in “circuit breakers”: pause on elevated error rates, verify order states, and reconcile against onchain data when possible.
- Be cautious around volatile market windows. Latency mitigation helps, but the highest volatility periods will always attract the most aggressive automation. Use limit orders carefully and avoid assuming cancels are instantaneous.
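The “circuit breaker” from the checklist can be as small as a sliding-window error-rate check in front of the bot’s order path. This is an added example, not code from Polymarket or OneKey; the class name, thresholds, and sample outcomes are assumptions chosen for illustration.

```python
from collections import deque

class OrderCircuitBreaker:
    """Pause new orders when the recent request error rate is too high."""

    def __init__(self, window=20, max_error_rate=0.3, min_samples=10, cooldown_s=60.0):
        self.outcomes = deque(maxlen=window)   # True = request succeeded
        self.max_error_rate = max_error_rate
        self.min_samples = min_samples         # avoid tripping on 1 of 2 failing
        self.cooldown_s = cooldown_s
        self.opened_at = None                  # None means the breaker is closed

    def record(self, ok, now):
        """Record one place/cancel result; `now` is a monotonic timestamp."""
        self.outcomes.append(bool(ok))
        n = len(self.outcomes)
        errors = n - sum(self.outcomes)
        if n >= self.min_samples and errors / n > self.max_error_rate:
            self.opened_at = now               # trip, or extend the pause

    def allow_new_orders(self, now):
        if self.opened_at is None:
            return True
        if now - self.opened_at >= self.cooldown_s:
            self.opened_at = None              # cooldown over: start a fresh window
            self.outcomes.clear()
            return True
        return False

    def allow_cancels(self, now):
        # Cancels reduce exposure, so the breaker never blocks them.
        return True

def replay(outcomes, breaker, step_s=1.0):
    """Feed outcomes at fixed intervals; return the index where orders pause, or None."""
    for i, ok in enumerate(outcomes):
        breaker.record(ok, now=i * step_s)
        if not breaker.allow_new_orders(now=i * step_s):
            return i
    return None

# Constructed sample: three good responses, then a burst of errors.
SAMPLE_OUTCOMES = [True, True, True, False, False, False]
```

In a live bot, pass `time.monotonic()` as `now` and use the pause to re-verify open order states before quoting again.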
Where OneKey fits: reducing key-exposure while you trade
Polymarket’s recent changes underline a broader 2025–2026 theme: as crypto applications become more high-performance, users sign more messages, grant more approvals, and interact with more complex contract-wallet flows.
A hardware wallet like OneKey can help by keeping private keys offline and requiring on-device confirmation for sensitive actions—useful when you’re managing multiple addresses (e.g., a long-term vault plus a smaller trading wallet) and want clearer separation between security tiers.
If you’re active on onchain markets, a common setup is:
- OneKey-secured address for long-term holdings and treasury-style funds
- a smaller hot wallet for frequent trading and experimental dApps
That structure won’t eliminate execution bugs on any platform—but it does reduce the chance that a single bad approval or compromised device turns into a total-loss event.
Polymarket’s May 10 update is ultimately about restoring two essentials for crypto market infrastructure: fair access under load and trustworthy execution semantics. If the platform follows through with ongoing fixes and enforcement improvements over the coming week, it will be a meaningful step toward more resilient onchain prediction markets—especially as automated trading continues to grow faster than retail UX can simplify it.



