{"id":97357,"date":"2026-05-22T15:31:53","date_gmt":"2026-05-22T12:31:53","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=97357"},"modified":"2026-05-22T15:35:17","modified_gmt":"2026-05-22T12:35:17","slug":"polymarket-confirms-private-key-compromise","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/polymarket-confirms-private-key-compromise\/","title":{"rendered":"Polymarket Confirms Private Key Compromise"},"content":{"rendered":"<p>On-chain investigator ZachXBT suspected an attack on the UMA CTF Adapter contract associated with <a href=\"https:\/\/forklog.com\/en\/news\/what-is-polymarket\">Polymarket<\/a> on the <a href=\"https:\/\/forklog.com\/en\/news\/what-is-polygon-matic\">Polygon<\/a> network. The platform&#8217;s team <a href=\"https:\/\/discord.com\/login?redirect_to=%2Flogin%3Fredirect_to%3D%252Fchannels%252F710897173927297116%252F775506448041115669%252F1507313012149850152\">confirmed<\/a> that it is aware of the incident.<\/p>\n<p><script async src=\"https:\/\/telegram.org\/js\/telegram-widget.js?23\" data-telegram-post=\"investigations\/327\" data-width=\"100%\"><\/script><\/p>\n<p>According to the team, the investigation points to a possible leak of the private key of a wallet used for internal operations to top up accounts, rather than a breach of contracts or a vulnerability in the core infrastructure.<\/p>\n<p>PeckShield specialists confirmed that funds were withdrawn from two addresses. 
Part of the stolen assets was sent through the non-custodial exchange ChangeNOW.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/PeckShieldAlert?src=hash&#038;ref_src=twsrc%5Etfw\">#PeckShieldAlert<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/ZachXBT?src=hash&#038;ref_src=twsrc%5Etfw\">#ZachXBT<\/a> reports that the Polymarket UMA CTF Adapter contract on <a href=\"https:\/\/twitter.com\/hashtag\/Polygon?src=hash&#038;ref_src=twsrc%5Etfw\">#Polygon<\/a> has potentially been exploited. <\/p>\n<p>2 addresses (0x871D\u20269082 and 0xf61e\u20264805) have been drained of approximately $520K.<\/p>\n<p>The attacker has already deposited a portion of the stolen funds\u2026 <a href=\"https:\/\/t.co\/ogne5K58mC\">pic.twitter.com\/ogne5K58mC<\/a><\/p>\n<p>\u2014 PeckShieldAlert (@PeckShieldAlert) <a href=\"https:\/\/twitter.com\/PeckShieldAlert\/status\/2057745696674218049?ref_src=twsrc%5Etfw\">May 22, 2026<\/a><\/p><\/blockquote>\n<p>Experts at Bubblemaps noted that hackers were withdrawing approximately 5000 POL every 30 seconds. 
According to the service, the damage amounted to about $700,000.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">UPDATE: ~$700k exploited<\/p>\n<p>\u2022 Suspected withdrawals have stopped<br \/>\u2022 Polymarket said the incident was isolated and user funds are safe<\/p>\n<p>The stolen funds were split across 16 addresses and routed through CEXs and other services<\/p>\n<p>Exploiter addresses:\u2026 <a href=\"https:\/\/t.co\/gSXWv7UywX\">https:\/\/t.co\/gSXWv7UywX<\/a><\/p>\n<p>\u2014 Bubblemaps (@bubblemaps) <a href=\"https:\/\/twitter.com\/bubblemaps\/status\/2057759874730078450?ref_src=twsrc%5Etfw\">May 22, 2026<\/a><\/p><\/blockquote>\n<p>Polymarket representative Shantikiran Chanal clarified that the incident is related to rewards payout.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">We\u2019re aware of the security reports linked to rewards payout. User funds and market resolution are safe. <\/p>\n<p>Findings point to a private key compromise of a wallet used for internal operations, not contracts or core infrastructure.<\/p>\n<p>More updates to follow.<\/p>\n<p>\u2014 Shantikiran Chanal (@ShantikiranC) <a href=\"https:\/\/twitter.com\/ShantikiranC\/status\/2057754616230514957?ref_src=twsrc%5Etfw\">May 22, 2026<\/a><\/p><\/blockquote>\n<p>The UMA CTF Adapter contract is used for market resolution through UMA&#8217;s Optimistic Oracle. 
On <a href=\"https:\/\/github.com\/Polymarket\/uma-ctf-adapter\">GitHub<\/a>, the project is described as an adapter for obtaining resolution data and completing market conditions.<\/p>\n<p>Earlier in May, hacking attacks targeted <a href=\"https:\/\/forklog.com\/en\/news\/hacker-exploits-1-4-million-vulnerability-in-ekubo-contract\">Ekubo<\/a>, <a href=\"http:\/\/trustedvolumes\/\">TrustedVolumes<\/a>, <a href=\"https:\/\/forklog.com\/en\/news\/thorchain-team-reveals-details-of-10-million-hack\">THORChain<\/a>, <a href=\"https:\/\/forklog.com\/en\/news\/hackers-extract-11-5-million-from-verus-protocol\">Verus<\/a>, <a href=\"https:\/\/forklog.com\/en\/news\/echo-protocol-suffers-816000-hack\">Echo<\/a>, and <a href=\"https:\/\/forklog.com\/en\/news\/mapo-token-plummets-96-following-hack\">Map Protocol<\/a>.\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On-chain investigator ZachXBT suspected an attack on the Polymarket UMA CTF Adapter contract on the Polygon network. The platform&#8217;s team confirmed awareness of the incident.<\/p>\n","protected":false},"author":1,"featured_media":97358,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"ZachXBT suspected an attack on the Polymarket UMA CTF Adapter contract on Polygon.","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[44,1148,1595],"class_list":["post-97357","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybercrime","tag-polymarket","tag-prediction-markets"],"aioseo_notices":[],"amp_enabled":true,"views":"9","promo_type":"1","layout_type":"1","short_excerpt":"ZachXBT suspected an attack on the Polymarket UMA CTF Adapter contract on 
Polygon.","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/97357","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=97357"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/97357\/revisions"}],"predecessor-version":[{"id":97359,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/97357\/revisions\/97359"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/97358"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=97357"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=97357"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=97357"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}