Crypto Times Logo Black
Google News Follow Banner
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • DeFi News
    • Blockchain News
    • Industry
  • Exclusive
    ExclusiveShow More
    Anthropic’s Claude Fable 5 Crypto Hacks
    Anthropic’s Claude Fable 5: The AI That Could Supercharge Crypto Hacks and Defenses
    CLARITY Act Stalls Why Senate's August Recess Puts US Crypto Rules at Risk
    CLARITY Act Stalls: Why Senate’s August Recess Puts US Crypto Rules at Risk
    Three Stories, One Pattern Why Binance Is Having Its Worst Week Since the Pardon
    Three Stories, One Pattern: Why Binance Is Having Its Worst Week Since the Pardon
    Coinbase India Head Addresses Re-Entry Launch Glitches and the 12-Month Roadmap
    Coinbase India Head Addresses Re-Entry Launch Glitches and the 12-Month Roadmap
    Inside the Trump Family’s $1.2B Crypto Windfall Who Paid the Price
    Inside the Trump Family’s $1.2B Crypto Windfall: Who Paid the Price?
  • Opinion
    OpinionShow More
    The Bitcoin Treasury Blueprint What Stress Testing on Strategy Inc.’s MSTR-STRC Reveals
    The Bitcoin Treasury Blueprint: What Stress Testing on Strategy Inc.’s MSTR-STRC Reveals
    Why Wall Street is Divided Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    Why Wall Street is Divided: Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    The Arthur Hayes Paradox Macro Prophet or Market Opportunist
    The Arthur Hayes Paradox: Macro Prophet or Market Opportunist?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India's Digital Rupee Push?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India’s Digital Rupee Push?
    The CLARITY Act War Starts Jamie Dimon Vs Armstrong
    The CLARITY Act War Starts: Jamie Dimon Vs Armstrong
  • Learn
    • Explained
    • How To
    • Insights
  • Videos
  • More
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
The Crypto TimesThe Crypto Times
  • All News
  • Market
  • Bitcoin
  • Ethereum
  • Altcoins
  • Regulations & Policies
  • Blockchain
  • DeFi
  • Industry
  • Exclusive
  • Opinion
Search
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • Blockchain
    • DeFi
    • Industry
    • Exclusive
    • Opinion
  • Learn
    • Explained
    • How To
    • Insights
  • Quick Links
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
    • AI Policy
    • Sponsored & Advertorial Policy
  • Videos
  • Glossary
Follow US
© 2026 By Crypto Times. All Rights Reserved.
Market News

Polymarket Ops Wallet Drained $700K — User Funds Unaffected

ZachXBT identified a $700K drain from Polymarket reward wallets on Polygon — but within hours, Polymarket's engineering lead clarified the incident as a private key compromise

Written By Dhara Chavda
Published 2026-05-22·Updated 4 weeks ago
Make The Crypto Times preferred on GoogleGoogle
Share
Polymarket Ops Wallet Drained $700K — User Funds Unaffected
Show AI Summary
A security incident occurred when $700,000 in POL tokens were drained from wallets within hours.
On-chain investigators flagged the issue, prompting Polymarket’s engineering lead to issue a clarification.
The incident was found to be a private key compromise of an internal wallet, not a smart contract exploit.

Polymarket, the world’s largest decentralized prediction market, faced a security incident when on-chain investigators flagged a $700,000 drain of POL tokens from wallets connected to its reward payout infrastructure on the Polygon network.

Within hours, Polymarket’s engineering lead issued a clarification that materially changes the nature of the story: this was not a smart contract exploit. It was a private key compromise of an internal operations wallet — a security failure at the access control level, not in the platform’s core infrastructure.

Polymarket’s UMA CTF Adapter contract on Polygon was exploited, with an attacker draining over $700,000 in POL tokens at a rate of approximately 5,000 tokens every 30 seconds before splitting the stolen funds across at least 15 wallet addresses.

On-chain investigator ZachXBT was first to flag the exploit, identifying the attacker’s address (0x8F98…9B91) and the related contracts being drained. Bubblemaps independently confirmed the ongoing drain and urged users to pause all Polymarket activity.

Polymarket UMA CTF Adapter contract exploit | Source: ZachXBT
Polymarket UMA CTF Adapter contract exploit | Source: ZachXBT

The attacker drained at least two addresses—0x871D…9082 and 0xf61e…4805 — through a related contract (0x9143…e5c5) connected to the UMA CTF (Conditional Token Framework) Adapter, the infrastructure layer that connects Polymarket’s prediction markets to UMA’s optimistic oracle for resolution.

Polymarket: Private Key Compromise, Not a Contract Exploit

Polymarket engineering lead Shantikiran Chanal responded within hours, stating that the incident was narrower than initial reports suggested.

“We’re aware of the security reports linked to rewards payout. User funds and market resolution are safe,” Chanal wrote. “Findings point to a private key compromise of a wallet used for internal operations, not contracts or core infrastructure.”

If confirmed, this distinction is critical. A private key compromise of an operations wallet is a security failure at the access control level — not a vulnerability in the smart contract logic itself. It means the attacker gained signing authority over a wallet that controlled reward distribution funds, rather than exploiting a flaw in Polymarket’s market resolution or settlement contracts.

User deposits, open positions, and market outcomes remain unaffected according to Polymarket’s statement. However, the full scope of the compromise has not yet been independently verified.

The Market Priced It Right

The market reaction provided a real-time demonstration of increasingly sophisticated on-chain risk pricing. Santiment data shows UMA dropped 3.3% during the exploit window—falling from $0.477 at 07:00 UTC to $0.462 by 09:00 UTC—while POL remained essentially flat at approximately $0.092.

Polymarket’s UMA CTF Adapter is being exploited on Polygon — attacker draining 5,000 $POL every 30 seconds, $520K+ stolen so far (Santiment MCP + Claude):
⚖️ $UMA price reaction: $0.477 (07:00 UTC) → $0.462 (09:00 UTC), -3.3% as the exploit unfolded.
📊 $POL price over the same… pic.twitter.com/KhcaeEK4BD

— Santiment Intelligence (@SantimentData) May 22, 2026

The divergence makes sense: the UMA CTF Adapter is the vulnerable component in this incident. UMA’s oracle infrastructure is directly implicated in the exploit pathway, while Polygon’s base layer functioned as designed—the attacker simply used POL as the token being extracted through the compromised adapter.

“When the market correctly discriminates between protocol risk and token mechanics, that’s a sign of a more mature on-chain audience than headline-driven reaction suggests,” Santiment noted.

Funds Already Dispersed

Bubblemaps confirmed the attacker has already split the stolen funds across at least 15 addresses — a standard dispersion tactic designed to complicate tracing and make potential freezing or recovery more difficult. The speed of the dispersion—occurring while the drain was still active—suggests the attacker had pre-planned the laundering infrastructure.

No freeze actions have been announced by Polygon or any exchanges as of publication. The attacker’s primary address and the 15 receiving wallets have been publicly identified, which may aid future recovery efforts or exchange-level blocks.

What Was — and Was Not — Compromised

To understand why Polymarket’s clarification is significant, it helps to understand what the UMA CTF Adapter actually does.

The UMA CTF Adapter connects Polymarket’s prediction markets to UMA’s Optimistic Oracle for resolution. When a market is first created, the Adapter automatically sends a resolution request to the Oracle. Proposers submit answers with a bond, and if no dispute arises within a two-hour challenge period, the resolution data is available to the Adapter. The Adapter then resolves the market condition based on that data.

The reward payout wallet — the wallet that was compromised — is a separate administrative function. It holds POL tokens used to incentivize oracle proposers who participate in market resolution. Draining it does not affect whether markets resolve correctly, whether user USDC deposits are safe, or whether open positions settle at the correct price.

What it does affect is Polymarket’s ability to incentivize the proposer network that keeps its oracle system functioning. If reward wallets are persistently compromised, the economic incentive for UMA proposers to participate in market resolution degrades. That is a longer-term operational risk — not an immediate threat to existing positions, but not a trivial issue either.

Context: Polymarket’s Security Track Record

The exploit arrives at a sensitive moment for Polymarket, which has grown into the dominant prediction market platform with billions in monthly trading volume and has become a frequently cited data source for political, economic, and crypto market forecasting.

The platform faced scrutiny earlier this month when Le Monde exposed a weather sensor manipulation scheme designed to influence prediction market outcomes. In April, the platform banned a French trader who had manipulated physical weather data to profit from temperature-based contracts.

The UMA CTF Adapter specifically has been a recurring point of discussion in the Polymarket community. The adapter translates UMA’s optimistic oracle outcomes into conditional token resolutions — a critical piece of infrastructure that handles the flow between market resolution and user payouts. A compromise at this layer, even via private key rather than contract logic, raises questions about access control standards for infrastructure components handling significant capital flows.

Polymarket has not disclosed the total amount stolen, whether the drain has been fully stopped, or what remediation steps are being taken beyond the initial statement. Further updates are expected.

UPDATE: Portion of Stolen Funds Frozen

Following the breach, swift industry coordination has successfully blocked a portion of the stolen assets. In a collaborative effort led by on-chain sleuth ZachXBT alongside cryptocurrency exchange BitcoinVN and ChangeNOW, security teams managed to freeze $164,000 of the $573,200 that had been transferred from the compromised private key.

The rapid response highlights a major win for ecosystem-wide security coordination, though efforts to track and recover the remaining outstanding funds are still ongoing.

Also Read: Polymarket Faces Scrutiny Over Hidden Influencer Payments

Disclaimer: The information researched and reported by The Crypto Times is for informational purposes only and is not a substitute for professional financial advice. Investing in crypto assets involves significant risk due to market volatility. Always Do Your Own Research (DYOR) and consult with a qualified Financial Advisor before making any investment decisions.

Follow The Crypto Times on Google News to Stay Updated!      Google News
Google News Banner

TAGGED:Polymarket
Share This Article
Whatsapp Whatsapp LinkedIn Telegram Copy Link

Latest News

Trump's Bitcoin Reserve Faces Questions Over Authority
Trump’s Bitcoin Reserve Faces Questions Over Authority
VALR Goes Live With Hyperliquid-Powered Perpetuals in Africa
VALR Goes Live With Hyperliquid-Powered Perpetuals in Africa
El Paso Proposes Mandatory Scam Warnings for Crypto ATMs
El Paso Proposes Mandatory Scam Warnings for Crypto ATMs
BonkDAO Hit by $20M Treasury Drain in Governance Attack, BONK Slides
BonkDAO Hit by $20M Treasury Drain in Governance Attack, BONK Slides
AI Researcher Identifies Vitalik Buterin's Anonymous Paper
AI Researcher Identifies Vitalik Buterin’s Anonymous Paper

Find Us on Socials

You may also like

AVAX One Changes CEOs as Crypto Treasury Stocks Struggle

AVAX One Changes CEO as Crypto Treasury Stocks Struggle

XRP Steals the Spotlight on Upbit, Outpacing Bitcoin and Ethereum

XRP Steals the Spotlight on Upbit, Outpacing Bitcoin and Ethereum

TeraWulf Stock (WULF) Soars 15% as Anthropic Lease Fuels AI Pivot

TeraWulf Stock (WULF) Soars 15% as Anthropic Lease Fuels AI Pivot

Web3 Lost $1.31B in H1 2026 as Hackers Changed Their Playbook: CertiK

Web3 Lost $1.31B in H1 2026 as Hackers Changed Their Playbook: CertiK

The Crypto Times Logo PNG

Providing real-time, accurate Crypto reporting. Your trusted source for Crypto News and Research.

Stay Updated

All News
Exclusive
Opinions
Learn
Videos
Glossary

Company

About Us
Our Authors
Editorial Policy
AI Policy
Advertorial Policy

Get In Touch

Contact Us
Career

Find Us on Socials

X-twitter Linkedin Telegram Youtube Instagram

© 2026 The Crypto Times | A BITROCK TECHNOLOGIES L.L.C. Company.

DMCA.com Protection Status
  • Terms and Conditions
  • Disclaimer
  • Privacy Policy
  • Cookie policy
Do Not Sell or Share My Personal Information