Just before the U.S. military carried out a controversial raid to capture Venezuelan President Nicolas Maduro in Caracas in January 2026, someone placed wagers on prediction market website Polymarket, betting that Maduro would be out of office by 31 January 2026. The account holder went on to net more than $400,000 from their Venezuela-related event contracts.

It seemed just a little suspicious, and now we know why. Prosecutors claimed in a recent indictment that a member of the U.S. military placed those bets based on his access to classified information about the Venezuela operations.

And with that, let's dive into the May Legal Report.

• A U.S. special forces soldier is facing criminal and civil charges for alleged use of classified information to profit on prediction market wagers.
  
  
• UK releases guidance for complying with terrorism law enacted after Manchester Arena bombing.
  
  
• French court convicts Lafarge CEO and executives of financing terrorism.
  
  
• Nigerian authorities charged seven for alleged coup attempt.
  
  
• Canada considers legislation to create national financial crimes agency.

Insider Risk Management: Lessons from the Polymarket Wagers on the Maduro Raid

The U.S. military conducted operations in Venezuela at the beginning of 2026, capturing the country’s president, Nicolas Maduro, in a high-profile raid. At the same time, someone made roughly $400,000 by placing wagers on the prediction market site Polymarket that this exact activity would happen.

What are the odds the two events were related? High, according to the U.S. Department of Justice (DOJ), which charged U.S. Army soldier Gannon Ken Van Dyke in April with using his access to classified information about the Venezuela raid to win the Polymarket wagers.

Beginning in December 2025, Van Dyke, a master sergeant in the U.S. Army Special Operations Command stationed at Fort Bragg in North Carolina, was involved in the planning and execution of Operation Absolute Resolve—the operation to capture Maduro. During that same timeframe, Polymarket began offering wagers—what it calls event contracts—about whether certain events involving Venezuela or Maduro would occur. These events included U.S. forces in Venezuela and Maduro out of office by 31 January 2026.

Prosecutors alleged that Van Dyke created a Polymarket account in late December 2025 and began trading on the Maduro and Venezuela-related contracts. He is suspected of placing 13 bets for a total of $33,934 from 27 December 2025 to 26 January 2026, winning $409,881 as the event contracts came to fruition.

The winnings did not go unnoticed. Widespread chatter emerged on social media about the possibility of an insider using access to sensitive information to profit on these Polymarket wagers. The company itself flagged the activity as suspicious and then notified the DOJ, Polymarket CEO Shayne Coplan said in a post on X. The authorities began investigating, leading to Van Dyke being arrested and charged with unlawful use of confidential government information for personal gain, theft of nonpublic government information, commodities fraud, wire fraud, and making an unlawful monetary transaction.

“Our men and women in uniform are trusted with classified information in order to accomplish their mission as safely and effectively as possible, and are prohibited from using this highly sensitive information for personal financial gain,” said Acting U.S. Attorney General Todd Blanche in a statement. “Widespread access to prediction markets is a relatively new phenomenon, but federal laws protecting national security information fully apply.”

Van Dyke pled not guilty to the charges, was released on a $250,000 bond, and forced to surrender his passport. The BBC reported that he is on leave from the military as the court case proceeds.

But wait, there’s more. The U.S. Commodity Futures Trading Commission (CFTC) oversees the prediction market in the United States. It has also filed a civil complaint against Van Dyke, claiming he engaged in a fraudulent and deceptive scheme to purchase and sell event contracts on Polymarket.

The CFTC’s suit attempts to permanently ban Van Dyke—and any of his associates—from participating in prediction market activity, pay restitution, and forfeit a monetary penalty assessed by the court.

“I have been crystal clear that anyone who engages in fraud, manipulation, or insider trading in any of our markets will face the full force of the law,” said CFTC Chairman Michael S. Selig in a statement on the complaint. “The defendant was entrusted with confidential information about U.S. operations and yet took action that endangered U.S. national security and put the lives of American service members in harm’s way.”

This is the first time the CFTC has charged someone for insider trading involving event contracts.

Polymarket did not return Security Management’s request for comment on this article. In a March press release, though, the company provided updates on its market integrity rules and the three core categories of insider trading conduct that are prohibited on its exchange: trading on stolen confidential information, trading on illegal tips, and trading by those who can influence the outcome.

A security perspective. Allen Phelps, CPP, PCI, CEO of IPTalons, Inc., and a member of the ASIS International Sensitive Information Protection Community Steering Committee, adds that companies are increasingly concerned about the growth of prediction markets.

Executives and boards “are no longer just worried about someone walking out with a thumb drive; [they’re] worried about employees who treat corporate milestones and strategic plans like a personal roulette table,” Phelps says.

With prediction markets, Phelps explains that employees can now profit from mistakes or sabotage. Take a software developer who knows that the latest version of her company’s product is going to be delayed and places a large bet on a prediction market about the launch date.

“In this case, the developer, whose job was to ensure the project stayed on schedule, could benefit from their insider knowledge, which may incentivize subpar performance,” Phelps says.

Employees could also tip-off someone—intentionally or accidentally—outside of the company about a milestone, forecast, or other element that is not meeting expectations. The outsider could then place a bet on a predictive market based on the information, win the bet, and then share a portion of the profit with the employees in question, he adds.

“The emergence of predictive betting on corporate and global events has added another insider risk that must be proactively managed,” Phelps says. “This evolving threat shows we need to bring traditional corporate security practices together with cybersecurity and compliance to create a proactive strategy that moves from a reactive ‘detect and punish’ model to a ‘prevent and protect’ framework.”

The broader view. While the Van Dyke case focuses on prohibited use of classified information for personal gain, it does have broader lessons for corporate insider trading and risk management.

Ann C. Kim, partner in the Investigations, White Collar, and Fraud Practice Group at Hogan Lovells, LLP, says one of the aspects that distinguishes prediction market trading from insider trading in traditional securities is the breadth of information that could be misappropriated for profit.

“Earnings call scripts are a prime example of this in the public company context,” she explains. “Information about particular words the CEO will say on the call may not impact an investor’s decision to purchase stock in the company, but it would impact a decision to purchase event contracts related to whether or not the CEO will say those words.”

 

There are also broader risks for companies, too, which could be hit with reputational and financial damage if an employee misappropriates confidential corporate information to trade on a prediction market.

Say an employee in a company’s finance department has an advance confidential copy of the company’s quarterly earnings report that shows it did not meet expectations. That employee then decides to purchase event contracts on a predictive market, betting that the company’s financials will be lower than forecasted or projected. When the company’s financial results are announced, its stock price drops but the employee profits on his or her trades.

“If the CFTC or Department of Justice launch an investigation regarding the trades, the company will likely receive subpoenas from these authorities, which will ask for information regarding who was aware of the company’s financial performance before it was announced,” Kim explains. “These subpoenas cost companies resources to respond and divert attention away from the day-to-day business. These types of inquiries also have the potential to damage the company’s reputation within the market.”

Risk mitigation efforts. To address the threat of insider trading and self-dealing, Phelps recommends that companies create specific policies and keywords in their data loss prevention programs and related network monitoring tools. These can be used to identify employees who discuss or engage in this type of behavior.

Companies can also set up screening measures to block network connections to prediction market websites and scan their networks to ensure those efforts are working. An additional step could be engaging a third-party provider to monitor predictive markets and related social media outlets for mentions of the company, its products, stock, or strategy.

“Identifying if there is a predictive market interest in the corporation can also serve as an indicator of a possible insider threat actor,” Phelps says.

Kim and her colleagues published a client advisory before Van Dyke was charged about how companies can mitigate the risks associated with employee predictive market trading. They recommended companies ensure their employees understand insider trading risks related to prediction markets and to prepare for increased federal scrutiny by reviewing existing policies and codes of conduct, prohibit prediction market trading during blackout periods, and train employees on insider trading policies.

“Or they could opt for more conservative measures by updating their existing policies to address prediction market risks,” Kim says. “The important message here is that companies should be paying attention to the insider trading risks associated with prediction markets and being thoughtful about the best way to address that risk within their organizations.”

She emphasizes, though, that there is no one-size-fits-all approach here. Each company has its own risk tolerance profile, and the law around prediction market trading is developing almost daily.

Insider trading will not be tolerated. The @CFTC will use the full force of the law to protect market integrity for the American people and those who misappropriate information on our markets should be on notice.

Watch more with @SaraEisen on @CNBC 📺 pic.twitter.com/1Dy5G05jbw

— Mike Selig (@ChairmanSelig) May 4, 2026

The CFTC for instance opened a rule making process in March 2026 on prediction markets and could establish new rules for them in the next year. Kim adds that there could be activity in the U.S. Congress on the issue in the coming months.

“The Senate recently passed a resolution banning senators and their staff from trading on prediction markets,” she explains. “Although not directly relevant to public companies, this is a strong signal that lawmakers are tracking the risks these markets pose. As legislators continue to grow their understanding of prediction markets, we may see the law start to catch up with what’s happening in the markets.”

Other News of Note

Public safety. The UK government released statutory guidance for organizations to comply with the Terrorism (Protection of Premises) Act 2025, which was passed following the Manchester Arena bombing in 2017. It creates requirements for venues, events, and public spaces to prepare for potential terrorist attacks and implement measures to keep people safe should an attack occur.

The new guidance includes requirements for spaces where 200 people or more are present to identify the person or organization with control of the premises, known as a responsible person, and notify the Security Industry Authority; implement evacuation, invacuation, lockdown, and communication procedures; and coordinate with other responsible persons.

Spaces where more than 800 people are in attendance—called “enhanced tier premises”—will be required to take additional steps. These include implementing public protection measures of monitoring, movement, physical safety and security, and security of information; designating a senior individual to ensure compliance; and submitting a compliance document to the Security Industry Authority after compliance measures are in place.

Supply chain. The People’s Republic of China adopted new rules that allow the government to investigate and penalize foreign companies that discontinue business with Chinese suppliers in response to political pressure. The new rules also allow China to prevent companies and individuals from leaving the country “if they are suspected of moving supply chains elsewhere under foreign pressure,” according to The Business Times.

Terrorism financing. A French court convicted the CEO and five other executives of Lafarge for financing terrorism and violating international sanctions. The charges stemmed from allegations that Lafarge, an industrial company that specializes in cement manufacturing, and its Syrian subsidiary paid terrorist organizations Islamic State of Iraq and al-Sham (ISIS) and the al-Nusrah Front (ANF) about $6.5 million to keep its cement factory in northern Syria active between 2013 and 2014.

The FBI said in a statement that these payments were used to prevent the terror groups from interfering with the plant’s operations, kidnapping Lafarge employees, and harassing customers. Lafarge also paid ISIS to impose higher costs and disrupt imports of its competitor selling Turkish cement in northern Syria.

Lafarge and the Syrian subsidiary previously pled guilty to one count of conspiracy to provide material support to a foreign terrorist organization. As part of their plea, the first of its kind in the United States, the companies agreed to pay a penalty of $777.28 million.

Speed Reads

Below is a quick recap of court cases, legislation, and regulations that affect the security industry and employers. 

Court Cases

Active shooter. The U.S. Department of Justice sued the U.S. state of Colorado, claiming its law banning high-capacity ammunition magazines violates the Second Amendment to the U.S. Constitution. Colorado enacted the law after a 2012 mass shooting at a movie theater in Aurora, where a gunman killed 12 people and injured 70 others.

Civil unrest. Nigerian authorities arrested and charged six people with terrorism and treason for their alleged roles in a plot to overthrow President Bola Tinubu. A seventh suspect, a former Nigerian governor, is at large.

Conspiracy. U.S. prosecutors charged Mexican Governor of Sinaloa Rubén Rocha Moya and nine other current and former officials of conspiring with the Sinaloa Cartel to ship narcotics into the United States.

Discrimination. Smiths Detection, Inc., will pay $100,000 and additional relief to settle charges from the U.S. Equal Employment Opportunity Commission that it engaged in disability discrimination. The allegations stem from a complaint filed by a manufacturing employee, who claimed that the company demoted her and reduced her pay after she requested personal protective equipment accommodation to protect her hearing.

Event security. A 21-year-old man pled guilty in Austria to charges related to planning a terror attack at Taylor Swift concerts in Vienna in August 2024.

Fraud. A U.S. federal court sentenced two Americans—Zhenxing Wang, 39, and Kejia Wang, 42—to prison for operating laptop farms as part of a Democratic People’s Republic of Korea (DPRK) remote worker scheme. Their operation helped net more than $5 million in illicit revenue for the DPRK government.

IP theft. The United States extradited Xu Zewei, 34, of the People’s Republic of China, from Italy to face nine charges related to his alleged involvement in a state-sponsored hacking campaign to steal COVID-19 research from U.S. universities.

Terrorism. A panel of New Zealand judges dismissed Christchurch shooter Brenton Tarrant’s attempt to undo his previous guilty plea to terrorism, murder, and attempted murder. Tarrant claimed that harsh prison conditions following his arrest prompted him to admit to the charges.

Trafficking. The U.S. Department of Justice arrested and charged Shamim Mafi, 44, with conspiracy to violate the International Emergency Economic Powers Act (IEEPA) for allegedly selling Iranian-made weapons to Sudan.

Legislation

Art repatriation. France’s Parliament approved a law that amends its cultural heritage code to provide for restitution for art illicitly added to the country's national collections. The law is the first of its kind in Europe and expected to go into effect later this month.

Data centers. Maine Governor Janet Mills vetoed a bill that would have stopped construction of large data centers in the U.S. state for 18 months.

Financial crime. Canadian legislators are considering a bill that would create a national financial crimes agency to investigate financial crime. Canada’s minister of finance and national revenue sponsored the legislation after an inquiry found the country’s existing anti-money laundering approach was not effective.

Liability. Illinois Senator Bill Cunningham introduced a bill that would shield artificial intelligence (AI) frontier labs from liability if their models are used to cause critical harms but the lab had safety and security protocols in place. OpenAI has backed the bill, while its competitor Anthropic has come out against the legislation.

Intelligence. U.S. President Donald Trump signed legislation into law to extend Foreign Intelligence Surveillance Act (FISA) Section 702 authorities until 12 June 2026 as the U.S. Congress continues to deliberate further renewal.

National security. Trump also signed into law an appropriations act to fund the U.S. Department of Homeland Security, except for its immigration and border patrol functions, ending the longest shutdown of the department in history.

Regulations

Acquisitions. China prohibited Meta Platforms—the parent company of Facebook, Instagram, and WhatsApp—from acquiring AI startup Manus on national security grounds.

Age verification. Meta does not have effective measures in place to stop children under the age of 13 from accessing its services in the European Union, a violation of the Digital Services Act, according to a preliminary investigation by the European Commission.

Arms exports. Japanese Prime Minister Sanae Takaichi’s Cabinet approved new guidelines that remove a prior ban on lethal weapons exports, which had been in place since the end of World War II.

National security. The U.S. Federal Communications Commission (FCC) is exempting some Netgear and Adtran Inc. routers, as well as a Sees.ai drone, from its Covered List. Inclusion on that list prohibits companies from introducing new products in the U.S. market due to national security risks.

Telecommunications. The FCC proposed new rules that would prohibit companies on its Covered List from being automatically authorized to provide U.S. telecom services under a section of the 1934 Communications Act.

Thanks for reading! We’ll be back with more legal analysis in June!

What security-related regulatory developments are you following? Please email your thoughts to [email protected].

Megan Gates is the senior editor at Security Management. Connect with her via email or on LinkedIn.

 

MOST POPULAR ARTICLES

1. From ‘Send Me the Video’ to Governance: How Privacy Makes Security Systems Defensible

2. Preventing Workplace Violence: Holistic Support Starts with Listening to Nurses

3. 3 Tools Providing Privacy Protections in Video Systems