- Onchain investigator ZachXBT discovered unusual outflows connected to the platform’s UMA CTF Adapter infrastructure, which raised concerns about a possible Polymarket exploit on Polygon.
- Although the event initially cost $520K, blockchain analysts subsequently calculated damages of almost $660K.
- Polymarket emphasized that user funds and market resolution are still secure, clarifying that the problem seems to be related to a private key breach rather than a smart contract hack.
Did a $520K exploit just hit Polymarket on Polygon, and are user funds really safe? An internal inquiry was launched on Friday in response to suspicious outflows linked to Polymarket’s UMA CTF Adapter infrastructure on Polygon after onchain investigator ZachXBT noticed money being taken out of two connected addresses.
In a Discord message, Polymarket acknowledged being aware of the problem and stated that, rather than any breach of contracts or core infrastructure, the findings indicate a potential private key compromise of a wallet used for internal top-up operations.
Polymarket Losses Rise Above $660K As Funds Move To ChangeNOW
“User funds and market resolution are safe,” the message stated. In a separate post on X, Josh Stevens, VP of Engineering for DeFi at Polymarket, stated that user funds on the platform are secure and that the event looked to entail a compromised private key rather than a contract attack.
The Gnosis Conditional Tokens framework, which is utilized for market resolution on Polymarket, is connected to UMA’s Optimistic Oracle using the UMA CTF Adapter.
ZachXBT found the address 0x8F980…d9B91 associated with the alleged vulnerability on Polygon. One associated address is identified by PolygonScan as “Polymarket Adapter Exploiter 1.” “0x91430…4E5c5” is the contract mentioned in the alert. ZachXBT reports that two associated addresses, “0x871D7…29082” and “0xf61e3…94805,” seem to have been emptied.
As of Friday morning, blockchain specialists Lookonchain reported that the amount drained had increased from the $520,000 ZachXBT had previously reported to over $660,000.
As the security company independently verified ZachXBT’s analysis, PeckShield stated that a portion of the money was then put into ChangeNOW, a non-custodial exchange.
Polymarket Eyes $15 Billion Valuation After Major Funding Push
A prediction market website called Polymarket allows users to place bitcoin bets on the course of actual events.
As late as April 2026, the company was in negotiations to raise about $400 million at a valuation of about $15 billion after Intercontinental Exchange, the parent company of the New York Stock Exchange, made a strategic investment of $600 million.
Polymarket’s core infrastructure has previously come under investigation.
An “unprecedented” governance attack on the protocol is said to have occurred in March 2025 when a single actor with about 25% of UMA’s voting power allegedly drove the resolution of a $7 million prediction market to “Yes” even if the underlying event did not materialize, according to Polymarket.
Following the discovery of a vulnerability in a third-party authentication provider, Polymarket reported in December 2025 that multiple users had lost money.
Stay informed with the latest trends in Web3, blockchain innovation, and cybersecurity updates at 3verseTV
You need to login in order to Like
Leave a comment