The world’s largest decentralized prediction market platform, Polymarket, suffered a security incident that resulted in the loss of approximately $520,000 to $700,000 in cryptocurrency.
In this line, Blockchain investigator ZachXBT first highlighted the suspicious activity on May 22 after noticing large outflows from contracts linked to the platform on the Polygon (POL) blockchain.
The incident involved rapid withdrawals, with reports indicating that an attacker drained around 5,000 POL tokens every 30 seconds from addresses associated with Polymarket’s UMA CTF Adapter.
The adapter serves as a key integration for market settlement through UMA’s Optimistic Oracle system. Funds, primarily in USDC and POL, flowed to an attacker-controlled address beginning with 0x8F98. The systematic nature of the drains suggested the use of an automated script.
Polymarket responded swiftly, with the team clarifying that the breach did not stem from a vulnerability in the platform’s core smart contracts or a compromise of user funds.
Instead, the incident originated from the exposure of a private key belonging to an outdated internal operations wallet, reportedly six years old, used for rewards payouts and system top-ups. The wallet held treasury funds rather than customer deposits or trading collateral.
Polymarket response
Engineers immediately rotated keys, revoked the compromised access, and collaborated with ZachXBT and various exchanges to trace and recover portions of the stolen assets.
According to updates, the platform successfully recovered about $164,000 of the total drained amount, which ranged between $573,000 and $700,000 depending on token price fluctuations at the time.
Notably, trading on Polymarket continued without interruption throughout the event, and market resolutions remained unaffected.
As one of the most prominent prediction markets, Polymarket processes significant trading volumes, making such incidents particularly visible within the decentralized finance space.
