Skip to main content
Polymarket Academy

The $175K Polymarket Copy Trading Exploit Explained (2026)

On July 17, 2026, a Polymarket trader reportedly turned the bot copying his trades into his own exit liquidity, extracting roughly $175K in three and a half hours. No wallet was hacked. Here's how this class of exploit works and how to make sure your copy trading setup isn't the next target.

  • Risk Guide
  • 8 min read
  • Updated July 2026
Jump to Protection Tips

What Happened

A trader being copied doesn't have to beat the market. He can beat the bot copying him instead. That's the short version of what analytics platform Gravia reported on July 17, 2026, and it's a risk most copy traders have never priced in.

~$175K

Reportedly extracted

From a single copy trading bot, per Gravia's report

3.5 hours

Start to finish

Roughly 5:00 to 8:30 AM ET on July 17, 2026

~20%

The bot's copy sizing

Every trade was mirrored at a predictable size

Introduction

Most conversations about copy trading risk focus on the bot: who holds the keys, whether it's been exploited, how fast it executes. We've covered that side in depth in Are Polymarket Copy Trading Bots Safe? But there's a second risk that has nothing to do with wallet infrastructure: the trader you're copying can trade against you on purpose.

The incident covered here is the clearest public example of that risk to date. This guide walks through what was reported, the mechanics that make this kind of extraction possible, and the practical settings and habits that make your copy trading setup a much harder target.

The bbwlover Incident

What Gravia reported

On July 17, 2026, between approximately 5:00 and 8:30 AM ET, Polymarket trader bbwlover extracted roughly $175,000 from PBot-10, a bot that was copy trading his positions at around 20% sizing. The full breakdown was published by Gravia on X under the title "How bbwlover drained $175K from his copytrader in 3.5 hours."

The details worth sitting with: the extraction took a single morning, the bot's copy sizing was fixed and predictable, and nothing about it involved compromised wallets or broken code. The bot did exactly what it was configured to do mirror every position its target opened. That obedience was the vulnerability.

How Copiers Get Farmed

Gravia's full trade-by-trade breakdown is behind a login, so we won't claim to know each step this trader took. But the general playbook this incident fits is well understood, and it rests on three facts about automated copying.

Predictable follow-on flow

A copy bot mirrors the leader's trades automatically, at a known size, moments after they happen. The leader knows exactly what demand their own trade will create.

The copier buys worse prices

Mirrored orders always arrive after the original. In a thin prediction market, the leader's entry moves the price, and the copier's mirrored entry moves it further, against the copier.

The copier becomes exit liquidity

The leader can unwind into the very demand their copier just created, taking profit from price impact the copier paid for. On-chain, every fill looks like an ordinary trade.

Put together: a leader who knows a bot mirrors their trades at, say, 20% sizing can enter a thin market, let the bot's mirrored buying push the price further, and exit into that demand at a profit. Repeat it across enough markets and trades, and the copier bleeds a little on every cycle through slippage and adverse fills, never through anything that looks like theft on-chain.

Why Bots Make It Worse

A human copying trades by hand is a hard target: they hesitate, size inconsistently, skip trades that look strange. A bot is the opposite. It reacts within seconds, sizes every mirror identically, and never gets suspicious. That reliability is exactly what makes copy trading bots useful, and exactly what makes them farmable the attacker can calculate, in advance, how much follow-on demand every one of their trades will create.

This is worth stressing because it separates this risk from bot security. Our top-rated bots differ enormously on custody and execution, but a perfectly secure, perfectly fast bot mirrors a hostile leader just as faithfully as an honest one. The defense isn't a better bot alone it's better settings and a better-vetted leader.

Red Flags Before You Copy a Wallet

Our guide to finding a wallet worth copying covers how to identify genuine skill. These four flags are the other side of that coin: signs a wallet may be trading against its followers rather than for itself.

  1. 1

    The wallet trades in thin, illiquid markets

    Farming a copier requires moving the price with modest size. Wallets that concentrate on deep, liquid markets leave far less room for it. If a wallet's recent activity has shifted toward obscure, low-volume markets, be careful.
  2. 2

    A sudden change in trading pattern

    A wallet that built its track record on one style, then abruptly switches to rapid-fire trades, unusual position sizes, or in-and-out flips, may have noticed it's being copied. The track record that attracted you no longer describes the behavior you're mirroring.
  3. 3

    Round-trip trades with no obvious thesis

    Buying and selling the same position within minutes doesn't make money from the market. It can make money from whoever is mirroring the trades. Repeated quick reversals are one of the clearest signatures of copier farming.
  4. 4

    The wallet's profits depend on being followed

    Check whether the wallet was profitable before it had visible copiers. A trader whose edge only appeared once bots started mirroring them isn't beating the market, they're beating their followers.

How to Protect Yourself

You can't stop a leader from trying to farm their copiers. You can make yourself a target that isn't worth the effort.

  1. 1

    Cap your per-trade copy size

    The smaller your mirrored orders, the less price impact you create and the less attractive you are as exit liquidity. If your bot supports a maximum per-trade size, set it well below the default.
  2. 2

    Use limit orders for copied trades

    Market orders pay whatever price the book offers after the leader has already moved it. A bot that mirrors with limit orders caps your slippage, and simply won't fill at the distorted prices farming depends on. Kreo, Polycop and Polygun all support limit orders for copy trades.
  3. 3

    Vet the wallet, then keep vetting it

    A wallet worth copying last month can turn into a trap this month. Re-check the wallets you follow for the red flags above, and unfollow at the first sign of round-trip trades or a style change you can't explain.
  4. 4

    Spread your stake across several traders

    Farming works best against a single, predictable follower with meaningful size. Copying several wallets with smaller allocations limits how much any one leader can extract from you.
  5. 5

    Only risk what a bad week can afford

    This incident took three and a half hours. Fund your copy trading from a dedicated wallet with a stake you're genuinely prepared to lose, so no single morning can reach the rest of your funds.

The common thread

Every protection above reduces the same thing: how predictable and how valuable your mirrored orders are to the person creating them. Small, capped, limit-order copies spread across several vetted wallets are simply not worth farming.

Final Thoughts

The bbwlover incident didn't reveal a bug, and that's what makes it important. The lesson isn't to abandon copy trading. It's that the wallet you follow deserves at least as much scrutiny as the bot you follow it with.

If you're building that setup now: vet the bot's security in Are Polymarket Copy Trading Bots Safe?, pick the trader with our wallet vetting guide, and walk through a safe first setup in How to Copy Trade on Polymarket.

About This Guide

Written by Polymarket Academy Editorial Team

The Polymarket Academy Editorial Team independently researches, tests and reviews copy trading tools to help users make informed decisions. Incident details in this guide are attributed to Gravia's published report.

Last reviewed: July 2026

Frequently Asked Questions