A person allegedly used a battery-powered hairdryer on an unguarded Météo-France sensor at Charles de Gaulle airport to manipulate Polymarket temperature bets, netting ~$34,000.
Key Takeaways
Polymarket was settling Paris daily temperature markets on a single Météo-France sensor near the CDG runway perimeter, accessible from a public road.
Temperature readings spiked twice in one month; Polymarket bettors profited on sub-1% probability outcomes both times.
Météo-France filed a criminal complaint with the Air Transport Gendarmerie Brigade of Roissy for alteration of an automated data processing system.
Polymarket did not claw back winnings; the sensor was simply relocated, and Paris temperature markets remain live.
Single-source oracle design is the core vulnerability: any prediction market settling on one physical sensor inherits that sensor’s physical attack surface.
