A 60 Minutes investigation has put hard numbers on something compliance professionals already suspected: insider dealing has not gone away. It has relocated to venues where surveillance is thin and the rulebook is unsettled, and that should hold the attention of anyone who manages inside information for a living.
Insider dealing is a lazy crime. It rewards proximity to information rather than skill, and like water it runs downhill, towards whichever venue pays best for the least chance of being caught. For two decades that downhill path led away from the regulated exchanges, because Market Abuse Regulation (MAR) and the enforcement machinery behind it made dealing on a secret an uncomfortable business there. So the obvious question is where the downhill path leads now.
60 Minutes answered that question in May 2026, and the answer was a prediction market. The data analytics firm Bubblemaps, sharing its findings with the programme, identified nine linked and anonymous accounts on Polymarket that bet almost exclusively on US military action. Across more than 80 bets the accounts won over $2.4 million at a 98% win rate, many of the wagers placed when the odds of winning were long. Bubblemaps' chief executive put it to 60 Minutes without hedging: luck does not produce numbers like that.
Our position is straightforward. Market abuse has not declined; it has migrated, and it has gone precisely to the venues where surveillance is thinnest and the rules are least settled. A compliance team that reads a quiet quarter on its own exchange as evidence the problem is contained is reading the wrong instrument. The problem is not contained. It has found somewhere quieter to work.
Follow the win rate
A 98% win rate is not a trading record. It is a confession with a spreadsheet attached. The pattern Bubblemaps describes, accounts that bought into long-odds outcomes and were proved right on the specific dates of pivotal war decisions, is the oldest tell in market abuse: not skill in reading a market, but knowledge of an answer the market did not yet have.
Last month brought a named example. A US Army master sergeant, Gannon Ken Van Dyke, was indicted for allegedly betting on a special operations mission using classified information. According to the US Justice Department, he staked roughly $34,000, netted more than $400,000, withdrew the profit at once and then tried to delete his betting account. He has pleaded not guilty. What stands out is not the sophistication but the absence of it: the workaround that allegedly let a serving soldier place those bets was a virtual private network (VPN) costing around $2 a month.
Bubblemaps is not working alone. The Anti-Corruption Data Collective examined long-shot military wagers on Polymarket, bets above $2,500 placed at odds below 35%, and found the bettors won more than they lost. Its report described indications of systemic insider trading. When the long shots keep landing, the word for it is not edge.
It is not only the crypto venues
It would be comforting to file all of this under unregulated novelty betting, a problem for crypto venues and nobody else. Oil does not allow that comfort. On the morning of 23 March 2026, on an otherwise slow trading day, more than $800 million was staked on oil prices falling, according to data the financial firm LSEG supplied to 60 Minutes. Fifteen minutes later the US president posted that talks with Iran had gone well, the oil price fell more than 10%, and whoever placed those trades made what one former commodities trader estimated at tens of millions of dollars. Federal investigators are reported to be examining the trades. No one has been charged.
That episode happened on the heavily regulated commodities market, not a prediction market. Which is the point. The migration is not a simple move from regulated to unregulated. It runs towards whichever venue, regulated or not, is being watched least closely at the moment the information becomes valuable.
"Not my market, not my regulation"
A compliance officer at a listed company could read all this and reasonably conclude it is someone else's problem. War bets are not their market. The Commodity Futures Trading Commission (CFTC), which polices these US venues, is not their regulator. A leak from a military planning room is not a failure their insider list was ever built to catch. All true, and none of it gets them off the hook.
That behaviour generalises, and the generalisation is uncomfortable. Inside information about a listed company, a takeover in progress, a profit warning being drafted, a trial result not yet announced, can be wagered on a prediction market as readily as it can be traded on an exchange. Polymarket and venues like it run contracts on corporate events, and a contract that pays out on a corporate outcome is, in substance, a position in that company's information. The carefully controlled population of people who hold your inside information now has an exit you do not monitor and your market surveillance provider cannot see. We covered the mechanics of this in detail in our earlier piece on when non-public information finds a new market, including how the existing legal frameworks in the US, UK, and EU struggle to reach it.
Where the watchers thin out
Surveillance migrates more slowly than abuse, and the figures show the gap. The CFTC was built in the 1970s to regulate food prices, historically ran as a commission of five, and is currently led by a single person. Both its staffing and its enforcement actions have fallen sharply since 2024. A regulator stretched that thin is a regulator whose deterrent effect thins with it, and not only on the markets it directly oversees, because every enforcement body's credibility rests partly on the visible odds of being caught somewhere.
Rules are arriving, slowly. In March 2026 the White House reminded its own staff, by memo, that using nonpublic information on prediction markets is a criminal offence. Polymarket says it operates insider trading rules, AI-powered surveillance and blockchain forensics, and that it refers suspicious activity to law enforcement. Worth having, all of it. But a memo and a venue's own rulebook are not MAR, and on a market whose participants are anonymous, "those who attempt it will be identified" is a promise rather than a mechanism.
What does not migrate
Here is the part worth holding onto. Abuse migrates; the discipline that catches it does not have to. What MAR drilled into listed-company compliance over the past decade is not a set of exchange-specific tricks. It is a habit: know exactly who holds inside information, know the moment they gained access and the moment they lost it, and be able to prove all of it afterwards. That habit operates one step upstream of every venue, at the point where the information is held, which is why it works whether a leak surfaces on an exchange, a commodities desk or a prediction market.
So the unglamorous discipline matters more as the venues multiply, not less. An insider list maintained to the moment, rather than reconstructed at the end of the week, is the record that answers the only question an investigator ever really asks: who knew, and when. Keeping that record accurate by hand, across email and spreadsheets, is precisely the work InsiderList exists to remove, and a contemporaneous, time-stamped audit trail is worth considerably more than one assembled under pressure after a regulator has already called.
That 98% win rate will keep turning up, on one venue or the next. You cannot control where abuse goes looking for a quiet place to operate. You can control whether, when the question finally reaches your information, you have an honest and complete answer ready. That is the whole of the job, and it has not changed.
To find out how InsiderList can help your organisation stay ahead of evolving insider trading risks, contact our team today and arrange a demo.
