Polymarket probes suspected private key compromise of internal top-up wallet on Polygon

Suspicious outflows tied to Polymarket's UMA CTF Adapter infrastructure on Polygon prompted an internal investigation on Friday after onchain investigator ZachXBT flagged funds being drained from two related addresses.

Polymarket confirmed awareness of the incident in a Discord message, saying findings point to a possible private key compromise of a wallet used for internal top-up operations rather than any breach of contracts or core infrastructure. "User funds and market resolution are safe," the message read. Josh Stevens, VP of Engineering for DeFi at Polymarket, separately wrote on X that the incident was not a contract hack and appeared to involve a compromised private key, adding that user funds on the platform are safe.

The UMA CTF Adapter connects UMA's Optimistic Oracle with the Gnosis Conditional Tokens framework used for market resolution on Polymarket.

ZachXBT identified an address tied to the suspected exploit on Polygon as 0x8F980...d9B91. PolygonScan labels one related address as "Polymarket Adapter Exploiter 1." The contract referenced in the alert is “0x91430...4E5c5.” According to ZachXBT, two related addresses appear to have been drained, including “0x871D7...29082” and “0xf61e3...94805.”