Written by Zoltan Vardai, Staff Writer. Reviewed by Bryan O’Shea, Staff Editor.
Polymarket team says user funds safe as exploit losses climb above $600K
Published May 22, 2026
Polymarket stated user funds and market resolution were safe after a suspected private key compromise tied to top-up operations.

Polymarket confirmed that a security exploit affected part of its infrastructure, pointing to a possible private key compromise involving a wallet used for top-up operations, while saying user funds and market resolution were safe.
In a Friday X post, Polymarket developers stated contracts and core infrastructure were unaffected. Polymarket product lead Akanshu Jain and multiple other Polymarket employees also stated user funds and market resolution are safe.
Blockchain investigator ZachXBT first flagged the exploit as a compromise of the Polymarket-linked UMA Conditional Tokens Framework (CTF) Adapter contract on Polygon, with the exploiter draining at least $520,000.
However, Josh Stevens, Polymarket’s vice president of engineering, stated the contracts were safe and that the exploit was limited to a six-year-old private key used for internal top-up operations. All permissions tied to the key have been revoked, he stated.
The UMA CTF adapter is an oracle contract used to help resolve Polymarket prediction markets through UMA’s Optimistic Oracle. Polymarket is the world’s second-largest prediction market with $3.7 billion in monthly trading volume, as reported by DefiLlama.
Polyscan data reviewed by Cointelegraph showed more than 100 small transfers into the alleged attacker wallet. Most were worth up to 5,000 Polygon (POL) tokens.

Address of the alleged Polymarket adapter contract attacker. Source: Polygonscan
Exploit losses climb past $600,000
Multiple blockchain data platforms reported similar onchain activity tied to the suspected exploit.
Blockchain data visualization platform Bubblemaps stated in a Friday X post that the attacker continues to remove about 5,000 POL tokens every 30 seconds, amassing about $600,000 in stolen funds at the time of writing.

Source: Bubblemaps
Blockchain data platform Lookonchain estimated that about $660,000 was drained from the Polymarket-linked contract as of 9:01 am UTC on Friday.
Polymarket integrated UMA’s optimistic oracle solution on Feb. 3, 2022, enabling automated and decentralized resolution for its prediction market contracts.
Cointelegraph contacted Polymarket and UMA for comment but had not received a response by publication.