Polymarket has clarified that neither the platform nor the UMA smart contract was exploited. This comes after on-chain investigator ZachXBT flagged a breach involving the prediction-market platform on Polygon.
In a community alert issued earlier, ZachXBT said the Polymarket UMA CTF Adapter contract “appears to have been exploited.”
According to the post, attackers drained more than $520,000. ZachXBT highlighted that the attacker’s address was 0x8F98075db5d6C620e8D420A8c516E2F2059d9B91.
However, Polymarket’s VP of Engineering, Josh Stevens, later clarified that neither Polymarket nor UMA smart contracts were compromised.
“All user funds are safe, and using Polymarket.com is safe, so business as usual,” Stevens said.
According to Stevens, the breach stemmed from a six-year-old private key tied to Polymarket’s internal top-up configuration, which is why funds were being routed to the wallet flagged by on-chain investigators.
The team has since rotated the compromised key, revoked all production permissions associated with it, and migrated all private keys to KMS-based key management going forward.
Follow us on X to get the latest news as it happens
The Polymarket incident lands amid a broader spike in DeFi exploits this month. May has already produced five separate hacks in the past week alone, pushing the monthly tally to 19, according to DeFiLlama data. Cumulative losses across those incidents have reached roughly $38.2 million.
Subscribe to our YouTube channel to watch leaders and journalists provide expert insights
