1 week ago
2
Here's how much the attacker has siphon off the platform so far.
Popular on-chain sleuth ZachXBT warned earlier today that an admin address of Polymarket appeared to have been compromised on the Polygon blockchain.
At first, he noted that the stolen amount was around $520,000. However, follow-up updates from Bubblemaps and Lookonchain explained that the actual amount might have surpassed $600,000.
2/ @zachxbt was the first to share the exploit and identify that it was a Polymarket UMA CTF adapter contract.
The attacker has already split the funds across 15 addresses.
More updates soon.
Attacker address: https://t.co/G9sNVvunkT
— Bubblemaps (@bubblemaps) May 22, 2026
The attacker split the funds across 15 addresses after exploiting Polymarket’s UMA CFT adapter contract.
Polymarket’s Shantikiran Chanal acknowledged the attack on X, saying that the team is “aware of the security reports linked to rewards payout” before adding that “user funds and market resolutions are safe.”
Chanal also explained that the team is investigating whether any other internal secrets may have been affected and that they are rotating their backend services.
About the author
Jordan got into crypto in 2016 by trading and investing. He began writing about blockchain technology in 2017 and now serves as CryptoPotato's Assistant Editor-in-Chief. He has managed numerous crypto-related projects and is passionate about all things blockchain.
English (US) · 