Analysis report on the Google engineer accused of insider trading at Polymarket

I. Event Summary

On May 27, 2026, the U.S. Attorney's Office for the Southern District of New York and the U.S. Commodity Futures Trading Commission (CFTC) disclosed that Google software engineer Michele Spagnuolo was accused of using non-public "Year in Search 2025" data accessible within Google's internal systems to trade related event contracts on the prediction market platform Polymarket, profiting approximately $1.2 million through the account "AlphaRaccoon".

This incident is not a traditional smart contract attack or on-chain asset theft, but a typical "information security incident" in Web3 prediction markets. Its core risk lies in the fact that the platform's trading instruments are real-world event outcomes. If certain market outcomes rely on non-public information held by companies, governments, military forces, media outlets, or sports organizations, insiders may profit through prediction market trading before the results are made public, thereby undermining market fairness and price discovery mechanisms.

The importance of this case lies in its expansion of Web3 security issues from "code vulnerabilities, stolen private keys, and contract attacks" to four levels: "abuse of non-public information, employee access control, on-chain transaction monitoring, and prediction market regulation." It demonstrates that even with on-chain transparency, Web3 platforms cannot inherently prevent insider trading; on-chain data primarily plays a role in post-event tracking, investigation, and evidence gathering. II. Basic Facts of the Case The defendant in this case, Michele Spagnuolo, is a Google software engineer residing in Switzerland. The Department of Justice disclosed that he is charged with three counts: violating the Commodity Exchange Act, wire fraud, and money laundering. Violating the Commodity Exchange Act carries a maximum penalty of 10 years imprisonment, wire fraud a maximum of 20 years imprisonment, and money laundering a maximum of 20 years imprisonment. On the same day, the CFTC also filed a civil lawsuit, seeking a permanent injunction, the recovery of illicit gains, compensation for losses suffered by affected market participants, and civil penalties. According to the prosecution, Spagnuolo had access to unpublished "Year in Search 2025" data through internal Google tools. These tools displayed a "Google Confidential" label. Google's annual search trends list has commercial value because its public release brings user attention, media coverage, brand value, and advertising-related revenue. Therefore, the list is commercially valuable non-public information before its official release. Polymarket is a prediction market platform where users can buy and sell "YES/NO" shares based on the outcome of future events. Share prices typically fluctuate between $0 and $1 and reflect the market's estimate of the probability of an event occurring. For example, a "YES" share priced at $0.30 means the market roughly believes there is a 30% chance that the event will occur. If the event ultimately proves true, the share for the correct direction will be settled at $1, while the share for the incorrect direction will be zero. In this case, Polymarket saw marketplaces related to Google's "Year in Search 2025" rankings, such as "Will someone become Google's number one search of the year?" or "Will someone be in Google's top five search results of the year?" Since these results ultimately depend on data released by Google, and Google employees may have prior knowledge of the results, such marketplaces inherently carry insider information risks. III. Key Timeline 1. Around May 2024: Creation of the AlphaRaccoon Account Judicial documents show that a Polymarket account that used the name "AlphaRaccoon" was created around May 2024. This account was subsequently used to participate in Google Year in Search related marketplace transactions. 2. October 2025: Polymarket Launches Google Search Trends Marketplaces In October 2025, Polymarket began offering binary event contracts related to Google's 2025 search trends, including marketplaces for "Who is the No. 1 Google Search in 2025" and "Who is in the top five Google Searches in 2025." The final settlement for these marketplaces was based on Google's subsequently released Year in Search results. 3. October 15 to December 4, 2025: Defendant Allegedly Begins Concentrated Trading The Department of Justice stated that Spagnuolo, through the AlphaRaccoon account, invested approximately $2.754 million in these marketplaces between October 15 and December 4, 2025, betting on multiple Google Year in Search results. The CFTC's civil complaint alleges that it purchased YES or NO shares in at least 23 relevant event contracts and predicted the results with near-perfect accuracy. 4. November 27, 2025: A Key Trading Node Judicial documents show that Spagnuolo was accused of accessing Google's internal Year in Search data again on November 27, 2025. At this time, the internal data showed d4vd replacing Kendrick Lamar as Google's "Number One Searcher of the Year" for 2025. Approximately three hours later, the AlphaRaccoon account placed bets on d4vd entering the top five on Polymarket and betting on d4vd becoming number one. Because the market at the time considered the probability of d4vd becoming number one to be close to zero, such trades, if successful, would have yielded extremely high returns. 5. December 4, 2025: Google Releases Year in Search Results. Google released its Year in Search results on December 4, 2025. The relevant Polymarket marketplace subsequently settled. Prosecutors allege that the AlphaRaccoon account profited approximately $1.2 million in the related transactions. 6. After December 2025: Alleged Fund Transfers and Identity Concealment. Judicial documents state that after the marketplace settlement, the AlphaRaccoon account received approximately 3.914 million USDC.e and transferred approximately 5.045 million USDC.e to a crypto wallet. Subsequently, the funds were transferred, exchanged, and used crypto transaction services with privacy protection features. The prosecution also stated that after discussions began on social media and the Discord community that AlphaRaccoon might be an insider at Google, the account removed the username "AlphaRaccoon" and reverted to an alphanumeric wallet address.

IV. Analysis of Transaction Structure and Profit Logic

The transaction logic in this case is not complex, but the risks are very typical.

First, predicting market prices is essentially about "market probability." When the market lacks accurate information, certain low-probability events are underestimated. For example, the probability of d4vd becoming Google's number one search term of the year is close to zero in the market, but if someone already knows the result through internal data, that person can buy YES shares at a low price and settle for $1 after the result is released.

Secondly, Google's Year in Search statistics don't simply consider "highest total search volume," but rather "fastest growing search interest" or "strongest annual trend." This means that even if the general public knows certain individuals are highly popular, they may not be able to accurately predict the ranking results. Those who possess internal algorithmic definitions and ranking data have a stronger information advantage than ordinary traders. Thirdly, the AlphaRaccoon account didn't just bet on an extremely low-probability event. According to legal documents, it also made significant bets that certain individuals wouldn't be number one or wouldn't be in the top five. For example, it made large-scale NO-direction trades on results related to Bianca Censori, Pope Leo XIV, and Donald Trump. Such trades may seem to have low returns, but if the defendant did indeed possess the final ranking information, the risk was almost artificially compressed, creating a "low-risk, high-certainty" arbitrage opportunity. Fourth, this incident exposes the unique vulnerability of prediction markets: Traditional securities market insider trading typically revolves around listed companies' financial data, mergers and acquisitions, performance, and regulatory approvals; while prediction markets can financialize any real-world event. Therefore, the sources of insider information have expanded from within listed companies to search engine companies, government departments, the military, courts, sports leagues, media organizations, data service providers, platform operators, and large internet companies. Fifth, the nature of the case: This is not a "hacking attack," but an "abuse of information privileges." From a Web3 security perspective, this case does not fall under the categories of smart contract vulnerabilities, cross-chain bridge attacks, private key theft, or attacks on on-chain protocols. It is closer to an "abuse of information privileges security incident." Its security chain can be broken down as follows: Internal data access permissions → Obtaining unpublished results → Establishing positions in the on-chain/quasi-on-chain prediction market → Waiting for official results release → Market settlement and profit generation → Fund transfer, exchange, and privacy processing → Community detection of anomalies and regulatory intervention. This chain illustrates that the main threats to Web3 security are not only hackers, but also insiders with legitimate access rights who violate their trust obligations. Traditional enterprise security principles such as "principle of least privilege," "sensitive data classification," "access auditing," "employee behavior monitoring," and "conflict of interest reporting" are beginning to be directly related to the integrity of the Web3 market. VI. Regulatory and Legal Significance The regulatory significance of this case is mainly reflected in three aspects. First, regulatory agencies are treating prediction markets as genuine financial markets, not simply entertainment and speculation. The CFTC, in civil complaints, treats relevant event contracts as swaps and considers non-public information to affect the price of relevant contracts, thus constituting material information with a significant impact on market prices. Second, the Department of Justice is extending the enforcement logic of "insider trading" to prediction markets. Traditional insider trading enforcement focuses primarily on the securities and futures markets. However, this case demonstrates that as long as traders profit from event trading contracts based on material, non-public information for which they have a duty of confidentiality, they may also trigger criminal risks such as commodity fraud, wire fraud, and money laundering. Third, the case reinforces the enforcement signal that "prediction markets are not a safe haven for insider trading." In April 2026, the U.S. Department of Justice disclosed a case in which military personnel profited by betting on Polymarket using classified military operational information. This case involved employees of a technology company, indicating that the scope of risk has expanded from national security information to commercial and platform data. VII. Impact on Polymarket The impact of this case on Polymarket is twofold. On the one hand, the incident will exacerbate concerns about the risks of insider trading in prediction markets. The advantage of prediction markets is that they transform scattered information into price signals. However, if these signals primarily come from a small number of insiders with access to non-public information, then "collective intelligence" can easily turn into "insider arbitrage." This undermines ordinary participants' trust in the market's fairness. On the other hand, Polymarket can also interpret this case as an example of on-chain transparency and platform cooperation with regulators. Reuters, Axios, The Verge, and other media outlets have mentioned that Polymarket stated it cooperated with law enforcement investigations and emphasized the transparency and traceability of blockchain transactions. In other words, the transparency of Web3 platforms does not inherently prevent improper transactions, but it can provide clues for post-event tracking, fund flow analysis, and law enforcement. However, the platform still faces a more fundamental question: if a market outcome highly depends on the internal data of a specific institution, should the platform conduct an "insider information risk assessment" before opening the market? For example, Google search rankings, internal product releases, sports league disciplinary actions, government military operations, regulatory approvals, court rulings, and unpublished award results in the media can all be highly sensitive insider information. VIII. Impact on Google From Google's perspective, this case illustrates that corporate data security governance cannot solely focus on "preventing leaks" and "preventing competitors from obtaining data," but must also consider the new risk of "employees using internal data to participate in external market transactions." Google Year in Search data possesses marketing value, brand value, and commercial confidentiality value before being made public. Even if this data is not publicly listed company financial data, it may be transformed into a tradable asset because it can determine the outcome of prediction market contracts. In other words, the existence of prediction markets changes the risk attributes of corporate internal data: in the past, some data only concerned brand communication and marketing rhythm; now, it may directly correspond to external financial transaction targets. Therefore, companies need to redefine the scope of "material non-public information." For large technology companies, search trends, product release dates, advertising ranking rules, AI model release dates, App Store rankings, cloud service incident reports, content recommendation lists, annual reports, and user growth data can all be financialized by external markets and become targets for insider trading.

IX. Core Risk Matrix

X. Governance Recommendations

1. Recommendations for Web3 Prediction Market Platforms

First, establish an "insider information risk assessment" mechanism before the market goes live. The platform should identify which market outcomes are controlled or known in advance by a few organizations, such as company rankings, government actions, court judgments, internal disciplinary actions in sports events, media award results, etc. For high-risk markets, position limits should be imposed, launches delayed, monitoring levels increased, or openings rejected outright. Second, establish an abnormal transaction identification model. Focus on monitoring the following characteristics: sudden large sums of money appearing in unpopular markets; one-sided trading occurring close to the result release time; concentrated betting by new or inactive wallets within a short period; trading directions significantly deviating from the published probabilities but ultimately highly accurate; and systematically "near-all-win" trading results across multiple related markets. Third, strengthen KYC, wallet clustering, and fund flow tracking. Platforms cannot rely solely on wallet addresses as identifiers; they should combine on-chain analysis, transaction behavior, fund sources, deposit and withdrawal channels, device fingerprints, and suspicious associated accounts to identify the true risk subjects. Fourth, introduce a restricted personnel list mechanism. For certain markets, platforms may require result-source institutions, related companies, government contractors, sports league insiders, media partners, etc., to refrain from participating in transactions, or to disclose such information before participation. Fifth, establish a rapid freezing and law enforcement cooperation process. When a platform discovers obvious suspected insider trading, it should have a process for freezing suspicious accounts, preserving evidence, reporting to regulatory agencies, and cooperating with investigations. 2. Recommendations for Corporate Internal Security and Compliance First, incorporate prediction markets, crypto asset trading, and event contracts into employee codes of conduct. Companies should not only prohibit employees from using insider information to buy and sell stocks, but should also explicitly prohibit the use of non-public company information to participate in prediction markets such as Polymarket and Kalshi, or other crypto-financial platforms. Second, establish stricter access controls for high-value internal data. For data with external trading value, such as annual rankings, product release dates, search trends, internal statistics, advertising data, and model release dates, measures such as minimum access privileges, approval-based access, access logging, and alerts for abnormal queries should be implemented. Third, establish a "Sensitive Data Tradeability Assessment." Companies should regularly assess which internal information might be financialized by external markets. For example, a ranking, rating, publication date, or regulatory interaction result should be included in the management scope of major non-public information if an external trading market exists. Fourth, strengthen employee compliance training. Training content should cover insider trading in the prediction market, money laundering risks of crypto assets, on-chain traceability, corporate confidentiality obligations, and criminal liability. Engineers, security personnel, data analysts, product managers, and marketing team members who have access to sensitive systems should receive higher-level training. Fifth, conduct joint investigations linking access logs with external trading leads. When a company discovers abnormal access to sensitive data, it should conduct a joint analysis combining publicly available on-chain data, social media leaks, and external platform reports to determine whether data misuse exists. 3. Recommendations for Regulatory Agencies First, clarify the legal attributes and regulatory boundaries of event contracts. The prediction market has long existed in a gray area between financial contracts, gambling, speech markets, and information markets. Regulatory agencies need to clarify which event contracts fall under the jurisdiction of the CFTC, which fall under state gambling regulations, and which require additional market integrity requirements. Second, promote the establishment of market integrity standards by platforms. Regulatory requirements should not only focus on registration and trading licenses but should also cover insider trading monitoring, restricted personnel management, suspicious transaction reporting, KYC/AML, data preservation, customer protection, and prevention of market manipulation. Third, establish cross-agency collaboration mechanisms. Predicting market events may involve securities, commodities, crypto assets, national security, trade secrets, and data security. A more efficient information-sharing mechanism is needed between the CFTC, the Department of Justice, the SEC, FinCEN, state regulators, and corporate security departments. Insight Report Source: Global Cybersecurity Alliance https://www.gcsa.org