Polymarket Confirms Private Key Compromise

ZachXBT suspected an attack on the Polymarket UMA CTF Adapter contract on Polygon.

On-chain investigator ZachXBT suspected an attack on the UMA CTF Adapter contract associated with Polymarket on the Polygon network. The platform’s team confirmed awareness of the incident.

According to them, the investigation results indicate a possible leak of a wallet’s private key used for internal operations to top up accounts, rather than a breach of contracts or a vulnerability in the core infrastructure. 

PeckShield specialists confirmed that funds were withdrawn from two addresses. Part of the stolen assets was sent through the non-custodial exchange ChangeNOW.

#PeckShieldAlert #ZachXBT reports that the Polymarket UMA CTF Adapter contract on #Polygon has potentially been exploited.

2 addresses (0x871D…9082 and 0xf61e…4805) have been drained of approximately $520K.

The attacker has already deposited a portion of the stolen funds… pic.twitter.com/ogne5K58mC

— PeckShieldAlert (@PeckShieldAlert) May 22, 2026

Experts at Bubblemaps noted that hackers were withdrawing approximately 5000 POL every 30 seconds. According to the service, the damage amounted to about $700,000.

UPDATE: ~$700k exploited

• Suspected withdrawals have stopped
• Polymarket said the incident was isolated and user funds are safe

The stolen funds were split across 16 addresses and routed through CEXs and other services

Exploiter addresses:… https://t.co/gSXWv7UywX

— Bubblemaps (@bubblemaps) May 22, 2026

Polymarket representative Shantikiran Chanal clarified that the incident is related to rewards payout.

We’re aware of the security reports linked to rewards payout. User funds and market resolution are safe.

Findings point to a private key compromise of a wallet used for internal operations, not contracts or core infrastructure.

More updates to follow.

— Shantikiran Chanal (@ShantikiranC) May 22, 2026

The UMA CTF Adapter contract is used for market resolution through UMA’s Optimistic Oracle. On GitHub, the project is described as an adapter for obtaining resolution data and completing market conditions.

Earlier in May, hacking attacks targeted Ekubo, TrustedVolumes, THORChain, Verus, Echo, and Map Protocol.