Polymarket hit by $700K exploit of internal top-up wallet

A compromised private key dating back six years gave an attacker access to Polymarket’s internal rewards wallet, resulting in approximately $700,000 in stolen funds across 16 addresses. The prediction market platform, which runs on the Polygon blockchain, confirmed the breach did not touch user deposits or affect market outcomes.

Think of it like someone finding an old spare key to the office supply closet. They didn’t get into the vault, but they cleaned out the closet pretty thoroughly.

How the drain unfolded

On-chain investigators ZachXBT and Bubblemaps were the first to flag the suspicious activity on May 22. Initial estimates pegged the damage at around $520,000, but that figure climbed to roughly $700,000 as researchers traced stolen funds through multiple addresses, exchanges, and mixers.

The attacker moved quickly, draining 5,000 POL tokens every 30 seconds in the early stages. That kind of methodical cadence suggests automation, not someone frantically clicking buttons.

Polymarket hit by $700K exploit of internal top-up wallet

Other newsrooms on this story

Related reading

Polymarket says user funds safe after admin wallet compromise triggers $700,000…

Polymarket investigates private key compromise, no contract exploit found

Polymarket Hit By ‘Internal Top-Up’ Wallet Exploit, $700K Drained - Decrypt

Polymarket investigates suspicious transactions, confirms no contract hack

Polymarket probes suspected private key compromise of internal top-up wallet on…

Polymarket-Linked UMA Adapter Exploited For at Least $520K