A Google safety engineer was charged with insider buying and selling after profitable $1.2 million utilizing confidential firm knowledge to put bets on the cryptocurrency-based Polymarket decentralized prediction market.
36-year-old Michele Spagnuolo, an Italian citizen residing in Switzerland and a Google worker since 2014, appeared on Wednesday within the Southern District of New York.
In parallel, the Commodity Futures Buying and selling Fee (CFTC) filed a separate civil criticism the identical day, looking for restitution, disgorgement, civil financial penalties, and buying and selling and registration bans.
In response to the felony criticism, all through this scheme, Spagnuolo used his entry to an inner software program instrument containing confidential “12 months in Search” knowledge (Google’s annual rating of high trending search phrases), which was marked with a “Google Confidential” banner in purple textual content.
Starting in October 2025, Spagnuolo allegedly used a Polymarket account underneath the alias “AlphaRaccoon” to guess on whether or not particular people would seem on Google’s high trending search lists. He additionally allegedly used confidential knowledge from Google’s inner knowledge instrument and positioned bets with near-perfect accuracy throughout roughly 25 unlikely outcomes, whereas risking roughly $2.75 million in whole.
After Google publicly introduced its 12 months in Search outcomes on December 4, 2025, Spagnuolo’s AlphaRaccoon Polymarket account collected roughly $1.2 million in USDC.e winnings.
“From on or about December 4, 2025 via on or about December 10, 2025, when the Polymarket markets concerning Google’s 12 months in Search resolved, the software program launched roughly 3,914,362 million USDC.e to the AlphaRaccoon Polymarket account. On or about December 10, 2025, the AlphaRaccoon Polymarket account despatched roughly 5.045 million USDC.e, to Pockets-0xAf6,” the criticism reads.
The FBI traced the AlphaRaccoon account to a fee processor account registered in Spagnuolo’s identify and linked to an Italian authorities identification card. After on-line communities on Discord and X started speculating that AlphaRaccoon was a Google insider, the username was faraway from the account, reverting it to an alphanumeric pockets tackle.
Prosecutors mentioned that Spagnuolo subsequently moved the unlawful proceeds via a number of cryptocurrency-swapping companies, together with one which removes pockets addresses from the blockchain.
“Immediately’s prices reinforce a decades-old message: company insiders can’t use confidential enterprise info to show a revenue in our markets,” mentioned U.S. Lawyer Jay Clayton. “As alleged, Spagnuolo violated the duties he owed to his employer and used Google’s confidential enterprise info to make greater than $1.2 million in buying and selling earnings on Polymarket.”
“Staff who’re entrusted with confidential enterprise info can’t misappropriate that info for private monetary acquire,” added CFTC Director of Enforcement David I. Miller.
Spagnuolo now faces a most of 10 years in jail on a commodities fraud depend and 20 years every on wire fraud and cash laundering counts.
Automated pentesting instruments ship actual worth, however they have been constructed to reply one query: can an attacker transfer via the community? They weren’t constructed to check whether or not your controls block threats, your detection guidelines hearth, or your cloud configs maintain.
This information covers the 6 surfaces you really have to validate.
