Michele Spagnuolo allegedly used confidential Google search data to place $2.7M in bets. The case signals growing regulatory risk for prediction markets.
A Google information security engineer who built a career exposing digital vulnerabilities has been charged with federal fraud and money laundering. The allegation: he exploited confidential internal search data to place winning bets on Polymarket and earned an alleged $1.2 million before federal investigators traced the money directly back to his name, the Wall Street Journal reported.
Michele Spagnuolo, 36, an Italian citizen who lives in Zurich and is known professionally as Miki, now faces charges filed by the Manhattan US attorney's office. The criminal complaint, unsealed on Wednesday, alleges that he accessed internal Google data showing which public figures were generating the most searches in 2025 and used that information to place bets on the outcome of the company's annual Year in Search rankings.
The complaint alleges that Spagnuolo accessed search trend data that Google restricts to "only a limited number of employees" and used it to identify musicians Kendrick Lamar and d4vd as the most-searched individuals at the time. Court records state that both artists finished in the top five of the final Year in Search results.
Prosecutors allege that between October and December of last year, Spagnuolo placed approximately $2.7 million across 25 bets on Polymarket, all tied to the Google Year in Search results. The search data he allegedly accessed pointed to Kendrick Lamar and d4vd as the dominant names at the time. Both ultimately placed in the top five of the final published results. His alleged winnings from those bets amounted to $1.2 million.
When Spagnuolo moved to withdraw his Polymarket winnings in December, he took multiple steps to obscure the digital money trail, including routing funds through a cryptocurrency transfer service offering enhanced privacy protections, according to the US Department of Justice criminal complaint.
The concealment effort came undone because of an earlier, less carefully handled withdrawal. In November, he transferred nearly $150,000 from Polymarket to a cryptocurrency swapping service. Shortly after, an identical sum moved from that service to a payment processor, where it arrived in an account registered in Spagnuolo's name and opened using his Italian government identification document. That paper trail gave federal investigators the link they needed to connect the funds directly to him.
Perhaps the detail that most invites scrutiny in this case is the apparent mismatch between what Spagnuolo allegedly stood to gain and what he risked losing. The indictment contains no explanation for why someone with his professional standing would take such a gamble for a sum that, by the standards of senior technology compensation, is relatively modest.
Google employees at his seniority typically receive compensation packages in which stock grants form a substantial and growing share of total earnings. When Spagnuolo joined Google in 2014, shares in parent company Alphabet (GOOGL) were trading at below $30. Those shares have since surpassed $380, meaning accumulated equity over a decade of employment at that level could represent a significant multiple of his alleged Polymarket winnings.
Matt Schulman, chief executive and founder of Pave, an AI platform for compensation data, said the upper end of the salary range for employees in comparable roles at large public technology companies sits at approximately $1.24 million a year, the majority of which is equity.
"That makes the stakes of anything that could jeopardize their employment extremely high," Schulman said.
The allegations sit in sharp contrast to a professional record that Spagnuolo has charted in considerable detail on his personal website and blog, where he traces his education, career milestones, research contributions and speaking engagements across more than a decade of work in web security.
Google's recruiters first approached him in 2011, when he was preparing to pursue a graduate degree in computer science at the University of Illinois in Chicago. His master's thesis focused on developing a forensics tool capable of identifying real-world users behind bitcoin transactions, a technically demanding piece of research that was well ahead of mainstream interest in cryptocurrency traceability.
His first formal interview with Google took place in 2013 while he was completing a second graduate degree, this time in computer engineering, at Politecnico di Milano, the largest technical university in Italy. A Google security engineer based in Zurich initiated contact.
"The interview was completely technical and straight to the point," Spagnuolo wrote on his blog. "He asked me several technical questions about security from the beginning, and I really appreciated that."
With roughly ten minutes remaining, he was asked to write code implementing a well-known security tool from scratch. Spagnuolo wrote that the interviewer appeared less focused on the finished code than on how he approached the problem, which he described as "a very good thing."
He had also been courted by Facebook during the same period. He wrote that the experience left him underwhelmed, feeling that the interviewer placed excessive weight on written code rather than the reasoning process behind it.
Google hired Spagnuolo in 2014, and over the following decade he rose steadily within the company. He received professional awards, served as an expert witness in legal proceedings and became known in web security circles for identifying an exploitation technique during a white-hat exercise aimed at locating system vulnerabilities. He presented those findings at security conferences in Malaysia, Vietnam and Amsterdam.
Google placed Spagnuolo on administrative leave and said it is cooperating with the investigation. Spagnuolo did not respond to requests for comment.
This case arrives as prediction markets face increasing regulatory scrutiny. The CFTC has recently signaled a more open stance toward crypto perpetual futures, the agency has also pursued enforcement actions against unregistered prediction platforms. The Polymarket case adds a new dimension: insider trading risk in a market that operates on public information can be gamed with non-public data.
Polymarket has positioned itself as a decentralized prediction platform where users bet on real-world outcomes. The allegation that a Google engineer used confidential corporate data to win bets raises questions about the platform's ability to detect and prevent information asymmetry. The platform's reliance on user-reported outcomes and oracle mechanisms may not be designed to catch traders who possess material non-public information about the events being wagered on.
Risk to watch: The case could accelerate regulatory action against prediction markets, particularly if prosecutors argue that Polymarket facilitated illegal gambling or securities trading. The DOJ complaint focuses on fraud and money laundering, not on the legality of Polymarket itself. The case provides a template for future enforcement.
For Alphabet, the case is a reminder of the value and vulnerability of its search data. The company's Year in Search rankings are a closely guarded marketing asset. The allegation that an employee used that data for personal financial gain will likely prompt internal reviews of data access controls. Google said it is cooperating with the investigation, which suggests the company views the matter as a serious breach of trust.
Practical rule: The core risk is not that prediction markets will be shut down overnight. It is that the regulatory environment for these platforms will tighten, increasing compliance costs and reducing liquidity. Traders using Polymarket or similar platforms should expect higher scrutiny on large withdrawals and more aggressive know-your-customer (KYC) requirements.
What this means: The Spagnuolo case is a cautionary tale about the limits of crypto anonymity. The alleged attempt to obscure the money trail failed because of a single early withdrawal that was not properly anonymized. For anyone using prediction markets or crypto-based betting platforms, the lesson is that law enforcement has become proficient at following the money, and the margin for error is zero.
Bottom line for traders: The case reinforces that insider trading laws apply to prediction markets just as they do to securities markets. Anyone with access to material non-public information about an event being wagered on should assume that prosecutors will treat a bet as a trade. The DOJ has shown it can trace crypto flows back to a real-world identity, even when the user takes steps to obscure the trail.
Prepared with AlphaScala research tooling and grounded in primary market data: live prices, fundamentals, SEC filings, hedge-fund holdings, and insider activity. Each story is checked against AlphaScala publishing rules before release. Educational coverage, not personalized advice.