BanklessTimes

Polymarket Suffers $600K Private Key Breach, User Funds Safe

Author:
Crispus Nyaga
Writer
Crispus is a financial analyst with over 9 years in the industry. He covers cryptocurrencies, forex, equities, and commodities for some of the leading brands. He is also a passionate trader who operates his family account. Crispus lives in Nairobi with his wife and son.
Updated: May 22nd, 2026
Editor:
Joseph Alalade
News Lead and Editor
Joseph is a content writer and editor who has actively participated in crypto for over 6 years. He enjoys educating others about Web3 and covering its updates, regulatory developments, and exciting stories.
Fact Checker:
Joseph Alalade
  • Polymarket confirms a private key compromise of an internal operations wallet on May 22.
  • On-chain investigator ZachXBT first identified the exploit and flagged the attacker's address.
  • Roughly $600K in POL tokens was drained and split across 15 separate addresses.
  • Polymarket states user funds and market resolution contracts remain fully intact.

Polymarket, the prediction market platform running on Polygon, was hit by a security incident on May 22 after an attacker drained an estimated $600,000 in POL tokens from what the company later confirmed was an internal operations wallet, not a user-facing contract.

Early on-chain alerts, first surfaced by blockchain investigator ZachXBT, described funds being withdrawn at roughly 5,000 POL every 30 seconds. The speed of the drain triggered widespread concern across crypto social channels, with some early reports putting cumulative losses at over $660,000.

Attacker Splits Funds; Polymarket Narrows the Damage

Blockchain analytics firm Bubblemaps identified the breach point as Polymarket’s UMA CTF adapter contract and confirmed the attacker’s wallet address on Polygonscan: 0x8F98075d…2059d9B91.

By the time the broader community began tracking the incident, the stolen funds had already been dispersed across 15 addresses, a common technique to complicate tracing and recovery efforts.

Polymarket moved quickly to clarify the scope of the incident. In a statement, Shantikiran Chanal, part of Polymarket’s protocol team, said the breach stemmed from a compromise of a private key used for internal operations and rewards payouts. Core infrastructure and smart contracts were explicitly ruled out.

“User funds and market resolution are safe,” Chanal assured users.

The distinction matters. Polymarket’s markets are settled through a decentralized UMA oracle mechanism, and a compromise of an operations wallet, while costly, sits outside that settlement layer. Users asking whether their positions or linked wallets were at risk were reassured that contracts had not been touched.

The platform said additional updates were forthcoming as the investigation continued. At the time of writing, no timeline for the recovery of stolen funds was provided, and it remains unclear whether the private key compromise resulted from an external breach or an internal security lapse.
