Newsgather
BackPolymarket Suffers Security Exploit, User Funds Safe
Polymarket Suffers Security Exploit, User Funds Safe
In Entwicklung
Cointelegraph22.05.2026Technik2 dk okuma

Polymarket Suffers Security Exploit, User Funds Safe

Auf einen Blick

  • Polymarket experienced a security exploit affecting a wallet used for internal top-up operations, potentially compromising a six-year-old private key.
  • While at least $600,000 was drained, the company assures user funds and core infrastructure remain safe.

KI-generierte Zusammenfassung

Warum es wichtig ist

Polymarket, a major prediction market platform, experienced a security breach where a wallet used for internal operations was compromised. This led to the draining of funds, though the company insists core infrastructure and user assets are secure.

Schriftgröße

Polymarket confirmed a security exploit affected part of its infrastructure, pointing to a possible private key compromise involving a wallet used for top-up operations, while saying user funds and market resolution were safe.

In a Friday X post, Polymarket developers said contracts and core infrastructure were unaffected. Polymarket product lead Akanshu Jain and multiple other Polymarket employees also said user funds and market resolution are safe.

Blockchain investigator ZachXBT first flagged the exploit as a compromise to the Polymarket-linked UMA Conditional Tokens Framework (CTF) Adapter contract on Polygon, with the exploiter draining at least $520,000.

However, Josh Stevens, Polymarket’s vice president of engineering, said the contracts were safe and that the exploit was limited to a six-year-old private key used for internal top-up operations. All permissions tied to the key have been revoked, he said.

The UMA CTF adapter is an oracle contract used to help resolve Polymarket prediction markets through UMA’s Optimistic Oracle. Polymarket is the world’s second-largest prediction market with $3.7 billion in monthly trading volume, according to DefiLlama.

Polyscan data reviewed by Cointelegraph showed more than 100 small transfers into the alleged attacker wallet. Most were worth up to 5,000 Polygon (POL) tokens.

Address of the Polymarket adapter contract attacker. Source: Polygonscan

Exploit losses climb past $600,000

Multiple blockchain data platforms reported similar onchain activity tied to the suspected exploit.

Blockchain data visualization platform Bubblemaps said in a Friday X post that the attacker continues to remove about 5,000 POL tokens every 30 seconds, amassing about $600,000 in stolen funds at the time of writing.

Source: Bubblemaps

Blockchain data platform Lookonchain estimated that about $660,000 was drained from the Polymarket-linked contract as of 9:01 am UTC on Friday.

Related: Crypto VC funding plunges to $659M in April, hits near two-year low

Polymarket integrated UMA’s optimistic oracle solution on Feb. 3, 2022, enabling automated and decentralized resolution for its prediction market contracts.

Cointelegraph contacted Polymarket and UMA for comment but had not received a response by publication.

Offene Fragen

  • What is the exact timeline of the private key compromise?
  • Were there any internal security lapses that allowed the six-year-old key to be compromised?
  • Will Polymarket take further steps to enhance its security protocols beyond revoking the key?
  • What is the total amount of Polygon (POL) tokens that were drained?

Verwandte Themen

This article was originally published by Cointelegraph.

Ähnliche Meldungen

Mehr zu diesem ThemaPolymarket