Polymarket is dealing with a security scare after suspicious on-chain activity was flagged on Polygon, revealing that a compromised private key allowed unauthorized outflows from an internal operations wallet. The damage: somewhere between $520,000 and $700,000 in POL tokens, siphoned off and scattered across more than a dozen wallet addresses.

The good news, if you can call it that, is this wasn’t a smart contract exploit. The bad news is that the key in question was reportedly six years old, which raises a different kind of question entirely.

What happened and how it was caught

On-chain investigator ZachXBT was the first to flag the suspicious activity. He spotted unusual outflows from Polygon addresses tied to Polymarket’s UMA Conditional Tokens Framework adapter infrastructure. In English: these were internal wallets the platform uses for backend operations and top-ups, not the contracts that handle user bets or market settlements.

Initially, roughly 5,000 POL tokens were being drained every 30 seconds. That’s the kind of pace that doesn’t exactly scream “authorized transaction.”
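
A drain at a fixed size and a fixed cadence is something wallet monitoring can flag mechanically. The sketch below is an added example, not code from Polymarket or ZachXBT: it scans outflows from one monitored wallet for a run of near-identical, evenly spaced transfers. The sample records, placeholder addresses and thresholds are assumptions constructed for illustration.

```python
from statistics import median

# Constructed sample, not real chain data: (unix_time, recipient, amount_POL)
# outflows from one monitored operations wallet. Addresses are placeholders.
SAMPLE = [(1000, "0xVENDOR", 1200.0), (4600, "0xTOPUP", 300.0)] + [
    (9000 + 30 * i, f"0xDEST{i % 13:02d}", 5000.0) for i in range(20)
]


def _fits(run, tx, amount_tol, gap_tol, max_gap):
    """True if tx continues the run: similar amount, similar spacing."""
    gap = tx[0] - run[-1][0]
    if gap <= 0 or gap > max_gap:
        return False
    if abs(tx[2] - run[0][2]) > amount_tol * run[0][2]:
        return False
    if len(run) >= 2:
        ref = run[1][0] - run[0][0]  # spacing set by the first two transfers
        return abs(gap - ref) <= gap_tol * ref
    return True


def detect_drain(transfers, min_run=6, amount_tol=0.02, gap_tol=0.25, max_gap=120):
    """Return a summary of the longest run of near-identical, evenly spaced
    outflows, or None when no run reaches min_run transfers."""
    best, run = [], []
    for tx in sorted(transfers):
        run = run + [tx] if run and _fits(run, tx, amount_tol, gap_tol, max_gap) else [tx]
        if len(run) > len(best):
            best = run
    if len(best) < min_run:
        return None
    gaps = [b[0] - a[0] for a, b in zip(best, best[1:])]
    return {
        "count": len(best),
        "interval_s": median(gaps),
        "total": sum(tx[2] for tx in best),
        "recipients": len({tx[1] for tx in best}),
        "start": best[0][0],
    }


if __name__ == "__main__":
    print(detect_drain(SAMPLE))
```

In practice the alert would fire as soon as a run reaches `min_run`, which at a 30-second cadence is about three minutes into the drain.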