One of crypto’s oldest unsolved problems just got a remarkably low-tech case study. Someone — investigators believe — walked up to a weather sensor at Paris-Charles de Gaulle Airport, pointed a heat source at it, and in doing so rigged a Polymarket prediction market for roughly $34,000 in winnings.
French national meteorological service Météo France has filed a criminal complaint with the Roissy airport gendarmerie after two separate incidents at its Charles de Gaulle (CDG) automated weather station lined up almost exactly with winning bets on Polymarket’s Paris daily-temperature markets, according to reporting by Le Monde. The complaint cites “alteration of the operation of an automated data processing system”—the French legal term for tampering with the operation of an automated data processing system.
What Actually Happened
The pattern in both incidents was essentially identical. Around 7 p.m. local time on April 6, 2026, the CDG sensor registered a sudden jump of several degrees, pushing the reading briefly above 21°C before snapping back down almost as quickly. For a spring evening in Île-de-France, the spike was meteorologically implausible—Paul Marquis, a meteorologist at E-Meteo Service, told French media that natural conditions could not produce a temperature swing of that shape and speed.
Over on Polymarket, a freshly created account — opened just two days earlier, with no prior betting history — had staked a small amount on a long-shot “Paris reaches 21°C” outcome. The sensor spike resolved the market in their favor. The payout was approximately $14,000.
Nine days later, on April 15, the same pattern repeated at a slightly higher threshold. A bet on Paris hitting 22°C resolved in the bettor’s favor for roughly $20,000. Combined winnings across the two incidents: about $34,000.
The working theory among investigators is that the culprit used a simple heat-emitting device—an industrial hair dryer, a portable heater, or an electric resistance element—held close to the sensor long enough to artificially inflate the reading during Polymarket’s resolution window. No network intrusion. No smart contract exploit. No sophisticated oracle manipulation through governance attacks. Just a person, a heat source, and a precise understanding of how Polymarket’s temperature markets resolve.
Polymarket’s Quiet Source Swap
Polymarket users flagged the activity in real time across the platform’s market comment threads, with several explicitly raising manipulation and insider-trading concerns. The platform itself has not issued a public statement on the incident as of press time. It did, however, take one concrete action: around April 19, Polymarket switched the resolution source for Paris temperature markets from Charles de Gaulle (station code LFPG) to Paris-Le Bourget Airport (LFPB), effectively cutting off future reliance on the compromised sensor.
Notably, the manipulated payouts were not reversed. Markets resolved as recorded, and the suspected manipulator kept the winnings.
Polymarket is officially banned in France, though the platform remains accessible to users willing to connect through a VPN. Winnings are paid in cryptocurrency, which adds another layer of difficulty to tracing and recovery efforts. The account flagged in connection with the two bets had been created only days before the first incident—a profile with no history, designed, by all appearances, to collect and vanish.
The Broader Oracle Problem
What makes this incident noteworthy is not the sum involved — $34,000 is small by crypto-exploit standards — but what it exposes. Prediction markets built on blockchain rails are only as trustworthy as the real-world data feeds they rely on to resolve. When a single physical sensor operated by a public institution becomes the arbiter of a financial market, that sensor is suddenly a target, even if it was designed only to measure the weather.
The Roissy incident joins a rapidly growing list of Polymarket integrity issues. In late 2024, the platform faced scrutiny over four linked accounts that wagered roughly $30 million on Donald Trump’s 2024 election win, with blockchain analysts concluding strong evidence that the accounts were controlled by a single entity.
As previously reported by The Crypto Times, over 150 accounts placed approximately $855,000 on markets correctly predicting a U.S. strike on Iran within 24 hours of the event—a timing pattern that drew U.S. Congressional scrutiny and reports of Israeli Air Force personnel being questioned over related bets. Separately, a Polymarket dispute over Iran-related markets spilled into alleged threats against an Israeli journalist, prompting condemnation from Reporters Without Borders.
Polymarket has not been passive in response. In March 2026, the platform rolled out expanded integrity rules across both its DeFi and U.S.-regulated offerings—explicitly prohibiting wash trading, spoofing, front-running, and insider trading.
Around the same time, the company announced a partnership with Palantir Technologies to build an AI-driven monitoring system using the Vergence AI engine to flag suspicious activity in real time. Also, Polymarket was reported to be in talks to raise $400 million at a $15 billion valuation, with rival Kalshi valued at $22 billion — meaning the economic pressure to demonstrate bulletproof market integrity has rarely been higher.
What Comes Next
Because Météo France is a public institution, the tampering charge carries aggravated penalties under French law — potentially up to seven years in prison and a €300,000 fine. Additional charges for fraud or unauthorized entry into a protected airport zone may follow if investigators identify the individuals involved.
For Polymarket, the harder question is structural. The platform’s oracle for location-specific temperature markets was, until April 19, a single piece of hardware on an airport tarmac that anyone with determination could physically approach. Switching the resolution source to Le Bourget solves the immediate problem, but not the underlying one: any prediction market that resolves on a single-source physical measurement is vulnerable to the same attack at any location, anywhere.
Also Read: Polymarket Expands Stricter Integrity Rules for DeFi and U.S. Markets
