Top-tier Trading Bot Polycule on Polymarket has been attacked. How should prediction market projects improve security measures?

Author: ExVul Security, a Web3 security company

1. Event Summary

On January 13, 2026, Polycule officially confirmed that its Telegram trading bot was hacked, resulting in the theft of approximately $230,000 worth of user funds. The team quickly updated on X: the bot was taken offline immediately, a patch was rapidly deployed, and affected users on Polygon were promised compensation. Multiple notices from last night to today have kept the security discussion around Telegram trading bots heated.

2. How Polycule Operates

Polycule’s positioning is very clear: enabling users to browse markets, manage positions, and handle funds on Polymarket directly within Telegram. Its main modules include:

Account Opening and Dashboard: /start automatically assigns a Polygon wallet and displays the balance; /home and /help provide access points and command instructions.

Market Data and Trading: /trending, /search, or pasting a Polymarket URL fetches market details; the bot offers market orders (market/limit), order cancellations, and chart viewing.

Wallet and Funds: /wallet supports viewing assets, withdrawing funds, POL/USDC swaps, and exporting private keys; /fund guides users through deposit procedures.

Cross-Chain Bridging: Deep integration with deBridge helps users bridge assets from Solana, with a default deduction of 2% SOL to be exchanged for POL to pay for Gas.

Advanced Features: /copytrade opens the copy trading interface, allowing follow-on trading by percentage, fixed amount, or custom rules; additional capabilities include pause, reverse copy, and strategy sharing.

The Polycule Trading Bot handles user interactions, parses commands, manages keys in the backend, signs transactions, and continuously listens for on-chain events.

After the user inputs /start, the backend automatically generates a Polygon wallet and secures the private key. Users can then send commands like /buy, /sell, /positions to check balances, place orders, and manage positions. The bot can also parse Polymarket webpage links to directly provide trading entry points. Cross-chain funds are managed via deBridge, supporting SOL bridging to Polygon, with a default 2% of SOL exchanged for POL to cover Gas fees. Advanced features such as Copy Trading, limit orders, and automatic monitoring of target wallets require the server to stay online long-term and to sign transactions on behalf of users.

3. Common Risks of Telegram Trading Bots

Behind the convenience of chat-based interaction lie several hard-to-avoid security vulnerabilities:

First, nearly all bots store user private keys on their servers, signing transactions on behalf of users. This means that if the server is compromised or if there is operational negligence leading to data leaks, attackers can export private keys in bulk and drain all user funds at once. Second, authentication relies on the Telegram account itself; if a user experiences SIM hijacking or device loss, an attacker can control the bot account without needing the mnemonic phrase. Lastly, there is no local popup confirmation step—unlike traditional wallets where each transaction requires user approval—so if backend logic fails or is malicious, the system could automatically transfer funds without user awareness.

4. Specific Attack Surfaces Revealed by Polycule Documentation

Based on the documentation, the current incident and future potential risks mainly focus on the following points:

Private Key Export Interface: /wallet menu allows users to export private keys, indicating that the backend stores reversible key data. If there are SQL injections, unauthorized access points, or log leaks, attackers could directly invoke the export function, which aligns closely with the theft scenario.

URL Parsing Potentially Triggering SSRF: The bot encourages users to submit Polymarket links to fetch market data. If input validation is insufficient, attackers could forge links pointing to internal networks or cloud metadata services, causing the backend to “fall into traps” and further steal credentials or configurations.

Copy Trading Monitoring Logic: Copy trading involves the bot following target wallets’ operations. If the event listening can be spoofed or lacks security filtering, followers could be led into malicious contracts, resulting in locked funds or direct theft.

Cross-Chain and Auto-Exchange Processes: Automatically swapping 2% of SOL for POL involves exchange rates, slippage, oracles, and execution permissions. If these parameters are not rigorously validated, hackers could amplify exchange losses during bridging or divert Gas budgets. Additionally, inadequate verification of deBridge receipts could lead to false deposits or double entries.

5. Reminders for Project Teams and Users

What project teams can do includes delivering a comprehensive and transparent technical review before service restoration; conducting specialized audits on key areas such as key storage, permission isolation, and input validation; re-evaluating server access controls and deployment processes; and introducing secondary confirmation or limit mechanisms for critical operations to reduce further damage.

End users should consider limiting the funds held in the bot, promptly withdrawing profits, and enabling Telegram’s two-factor authentication and independent device management for added security. Until the project team provides clear security commitments, it’s advisable to stay cautious and avoid adding more principal funds.

6. Epilogue

The Polycule incident reminds us once again: when trading experiences are compressed into a chat command, security measures must be upgraded in tandem. Telegram trading bots will remain a popular gateway for prediction markets and Meme coins in the short term, but this space will continue to be a hunting ground for attackers. We recommend project teams treat security as an integral part of product development and openly communicate progress to users; users should also stay vigilant and not treat chat shortcuts as risk-free asset managers.