Hacker drains $660,000 from Polymarket's internal wallet

Key points:

• A hacker has drained more than $660,000 from two addresses linked to the UMA CTF Adapter on Polygon.
• Polymarket says user funds and market settlement remain safe.
• Some of the stolen assets have already been sent to the non-custodial exchange ChangeNOW.

On-chain investigator ZachXBT spotted suspicious transactions involving the UMA CTF Adapter infrastructure used by Polymarket on the Polygon network. According to him, more than $660,000 was siphoned out of two addresses. Polymarket has confirmed the incident and launched an internal investigation.

In a Discord message, the team clarified that the issue appears to be a compromised private key for a wallet used for internal funding operations. The smart contracts and underlying infrastructure were not affected.

User funds and market settlement are safe, — Polymarket said in its statement.

Josh Stevens, VP of Engineering for Polymarket's DeFi division, separately confirmed on X that this is not a contract exploit but a private key compromise.

How the Polymarket breach happened

ZachXBT identified the attacker's address as 0x8F980...d9B91. PolygonScan has already tagged it as "Polymarket Adapter Exploiter 1." The compromised contract is 0x91430...4E5c5, and the affected addresses are 0x871D7...29082 and 0xf61e3...94805.

ZachXBT initially put the damage at $520,000, but Lookonchain analysts recorded $660,000. PeckShield confirmed the findings and reported that the attacker sent some of the stolen funds to ChangeNOW.

Polygon Labs CTO Mudit Gupta also weighed in on the incident, saying Polymarket's contracts are fine and that what was compromised was the market initializer.

Polymarket's history of breaches

Polymarket is the largest decentralized prediction market platform. In April 2026, the company was in talks for a $400 million funding round at a valuation of around $15 billion. The platform had previously received $600 million in strategic investment from Intercontinental Exchange, the parent company of the New York Stock Exchange.

Polymarket acknowledges user account hack due to third-party service

The platform stated that the vulnerability has been fixed and there are no longer any risks to users

Читать дальше

This is not the first time Polymarket's infrastructure has been hit. In December 2025, the company confirmed that a series of user account hacks stemmed from a vulnerability at a third-party authentication provider.

Users at the time reported funds being drained after receiving login attempt notifications — without clicking any suspicious links. Polymarket did not disclose the number of affected users or the total damage, but said the issue had been resolved.