Article
The House Oversight Committee just demanded internal records from Polymarket and Kalshi to find insider traders. But the most damning evidence has been sitting on a public blockchain the entire time. The investigation reveals a fundamental misunderstanding of where prediction market integrity actually lives.
On Friday, May 22, the House Oversight and Government Reform Committee opened a formal investigation into insider trading on Polymarket and Kalshi.
Chairman James Comer sent letters to both CEOs — Shayne Coplan at Polymarket, Tarek Mansour at Kalshi — demanding documents on how the platforms verify identities, enforce geographic restrictions, and monitor suspicious trading. The investigation was spurred by the cases we've been writing about for weeks: the Van Dyke indictment (the Army Special Forces soldier who made $409,000 trading on classified intelligence about the Maduro capture), the Iran war bets, the congressional candidates who wagered on their own races.
One sentence in Comer's letter stopped us cold.
"Internal records held by prediction market platforms are the only means by which bad actors can be identified."
That sentence is wrong. And the way it's wrong reveals something important about how Washington misunderstands the thing it's now trying to regulate.
Because for the largest prediction market in the world, the records aren't internal at all. They've been public — fully, permanently, cryptographically public — the entire time.
What "Internal Records" Misses
Comer's framing assumes prediction market data works like a brokerage. At a traditional brokerage, your trades are private. The firm holds the records. If a regulator wants to investigate suspicious activity, they subpoena the firm, the firm produces internal logs, and the investigation proceeds at the speed of legal process — weeks, months, sometimes years.
Table 1: What's Public vs. What's Actually Internal
Data Layer | Polymarket (on-chain) | Kalshi (off-chain) | Who Can See It |
|---|---|---|---|
Trade execution | Public on Polygon | Internal / aggregated reporting | PM: anyone · KX: platform + CFTC |
Position sizes | Public | Internal | PM: anyone · KX: platform |
Wallet relationships | Public | N/A (no wallets) | PM: anyone |
Timing of every trade | Public, timestamped | Daily aggregate only | PM: anyone · KX: platform |
Payouts / redemptions | Public | Internal | PM: anyone · KX: platform |
Identity (KYC) | Internal | Internal | Both: platform only |
Geographic / IP data | Internal | Internal | Both: platform only |
The pattern: For Polymarket, everything except identity is public. Comer's subpoena targets the one private layer (identity) — but frames it as if the behavior were hidden too. It isn't. For Kalshi, the subpoena model genuinely applies, because the trade data really is internal. Same letter, two completely different data realities.
Polymarket don't work that way. Polymarket settles on-chain, on Polygon, in USDC. Every trade, every position, every fill, every transfer, every payout is recorded on a public blockchain that anyone — Congress, a journalist, a researcher, a curious teenager — can read without permission, without a subpoena, and without waiting for the company to respond.
The "internal records" Comer is demanding from Polymarket are, in the most meaningful sense, not internal. The trades themselves are public. What Polymarket holds privately is the identity layer — the KYC mapping between a wallet address and a real human. That's a real and important piece. But the trading behavior, the patterns, the timing, the position sizes, the wallet relationships — all of it has been publicly auditable since the day each trade was made.
This isn't a technicality. It changes what's possible.
The Evidence Was Never Hidden
Consider the cases that triggered the investigation.
The New York Times investigation Comer cites found more than 80 Polymarket users who placed suspiciously timed bets, including wagers made hours before undisclosed U.S. and Israeli military operations against Iran. The Times didn't subpoena Polymarket to find those trades. They read the blockchain.
The Van Dyke case: a federal indictment alleges he created a wallet on December 26, funded it with roughly $35,000, placed 13 single-direction bets on Venezuela contracts between December 27 and January 2, and withdrew $409,000 the day the operation executed. Every one of those transactions is on-chain. The pattern — new wallet, concentrated positions, pre-event timing, immediate exit — was readable in public data the moment it happened.
The nine Polymarket accounts that made $2.4 million on Iran military involvement. The wallet that correctly called the Biden pardons. The fifty new accounts that bet the Iran ceasefire hours before the announcement. None of these required internal records to identify. They required someone who knew how to read on-chain data and had the tools to do it at scale.
Harvard researchers proved exactly this in March. They analyzed 93,000 Polymarket markets and nearly 50,000 wallets using only public blockchain data and found $143 million in suspected insider profits across 210,718 suspicious wallet-market pairs. No subpoenas. No internal records. Just the public ledger and a methodology for reading it.
The evidence Congress is now demanding through formal investigation has been publicly available the entire time. The bottleneck was never access. It was attention — and the tools to turn raw on-chain data into structured intelligence.
Where the Investigation Gets It Half-Right
To be fair to the committee, there's a real piece they're correctly targeting.
The identity layer genuinely is private. On-chain data shows you that wallet 0x7F23 placed suspicious trades. It does not show you that wallet 0x7F23 belongs to a specific Army sergeant with security clearance. That mapping — the KYC records, the geographic verification, the account-creation metadata — is what platforms hold internally, and it's a legitimate thing for Congress to request.
So the investigation is half-right. The behavioral evidence is public. The identity attribution is private. To prosecute, you need both: the public chain shows what happened and which wallet did it; the private records show who the wallet is.
But here's the part the framing gets backwards. Comer's letter treats the platforms' internal records as "the only means by which bad actors can be identified." In reality, the public data does the identification of suspicious behavior — the hard part, the pattern detection, the anomaly flagging. The internal records only do the final step of attaching a name. The platforms aren't the detection layer. They're the identity lookup at the end of a detection process that can — and already does — happen in public.
That distinction matters enormously for how you build integrity infrastructure.
Two Models of Market Integrity
There are two ways to police a market for insider trading.
The subpoena model. Wait for something suspicious to surface. Open an investigation. Demand internal records. Wait for the company to produce them. Analyze. Build a case. This is how the House Oversight Committee is operating, and it's how securities enforcement has worked for a century. It's reactive, slow, and dependent on the regulated entity's cooperation. By the time the records arrive, the trades are months old and the next suspicious pattern is already forming unwatched.
The public-surveillance model. Monitor the public ledger continuously. Score every wallet's behavior in real time against anomaly signals — account age, directional concentration, contract clustering, pre-event timing, exit velocity. Flag suspicious patterns as they happen, not months later. Attach identity only when a flag warrants escalation. This model is possible specifically because prediction markets settle on a public chain. It doesn't exist yet at scale — but the data to build it does.
Table 2: Two Models for Policing Prediction Market Integrity
Dimension | Subpoena Model | Public-Surveillance Model |
|---|---|---|
How it starts | Something suspicious surfaces, then investigate | Continuous monitoring of the public ledger |
Speed | Weeks to months (legal process) | Real-time (data process) |
Data source | Internal records, produced on request | Public on-chain data, always available |
Dependent on | Platform cooperation | Nothing — data is permissionless |
Detection | Manual, case-by-case | Algorithmic, all wallets at once |
Coverage | One case at a time | Every market, every wallet, continuously |
Van Dyke timeline | 116 days to indictment | Pattern detectable on Day 2 |
Scales to 210,718 cases? | No — decades of subpoenas | Yes — it's just compute |
Works for Kalshi? | Yes (off-chain, data is internal) | No (no public ledger to monitor) |
Works for Polymarket? | Slowly (data is already public) | Yes (built for public-chain markets) |
The pattern: The subpoena model is the only option for off-chain markets like Kalshi — there's no public ledger to watch. But for on-chain markets like Polymarket, it's the slow path to data that's already public. The 210,718 suspicious pairs Harvard found can't be prosecuted one subpoena at a time. They can be monitored continuously. The model has to match the market's structure.
The irony of the Comer investigation is that prediction markets are, structurally, the most transparent financial markets ever created. A traditional dark pool or OTC derivatives desk would require subpoenas to investigate because the data genuinely is private. Polymarket's data is the opposite of private. The committee is using the subpoena model on a market that is uniquely suited to the surveillance model.
It's like demanding security camera footage from a store when the entire transaction happened in a glass room on a public street, recorded permanently, viewable by anyone. The footage Comer wants has been playing on a loop the whole time.
What This Means for the Industry
Three things follow from this.
Public-chain settlement is an integrity feature, not just a tech choice. The same property that makes Polymarket "exploitable by bad actors" — open, permissionless trading — also makes it the most auditable market in existence. Every bad actor leaves a permanent, public, timestamped record. The industry's response to the integrity crisis shouldn't be to hide more data behind internal walls. It should be to build the public-surveillance layer that turns transparency into enforcement.
The regulatory bottleneck is tooling, not access. Congress doesn't lack access to prediction market data — nobody does, it's public. What's missing is the infrastructure to read it at scale: cross-venue normalization, wallet-behavior scoring, real-time anomaly detection, structured on-chain decoding. The agencies and committees investigating these markets are trying to do with subpoenas what should be done with data infrastructure.
Kalshi and Polymarket are structurally different cases. Kalshi is CFTC-regulated and off-chain — its trade data genuinely is internal, reported in aggregate, and the subpoena model applies. Polymarket is on-chain — its trade data is public, and the surveillance model applies. Treating them identically in a single investigation, as the committee is doing, misses that the integrity solution is completely different for each. One needs better internal compliance. The other needs better public monitoring.
The Part Washington Hasn't Caught Up To
The Van Dyke prosecution worked. The DOJ built a case, the indictment was unsealed, the system functioned. But it functioned slowly and reactively — 116 days from the trades to the indictment, and only because the case was egregious enough to draw individual attention.
The Harvard study found 210,718 suspicious wallet-market pairs. The Van Dyke case is one. At the subpoena-and-investigate pace, prosecuting even a fraction of the suspicious activity would take decades. The math doesn't work.
What works is reading the public data continuously and flagging anomalies as they form. That's not a legal process — it's a data process. And it's possible precisely because these markets, for all the hand-wringing about their exploitability, are radically transparent.
Congress is investigating prediction markets as if the evidence were locked inside the companies. It never was. It's on a public ledger that anyone can read, that researchers have already mined for $143 million in suspected fraud, that journalists have used to identify 80+ suspicious traders, that prosecutors used to build the Van Dyke case.
The data was always public. The question was never whether we could see it.
The question is whether anyone is building the infrastructure to read it in time to matter.
This is the twelfth installment in the Assymetrix Intelligence Brief series.
Previous: "Goldman Said the Quiet Part Out Loud: Wall Street Is Now Pricing Off Prediction Markets"
Related: "A Soldier Used Classified Intelligence to Make $400K on Polymarket. The Data Saw It First."
Assymetrix is building the intelligence and synthesis layer for prediction markets — the structured, cross-venue, on-chain data infrastructure that turns public ledgers into readable intelligence.
