The world’s largest decentralized forecasting market platform, PolymarketHe suffered a security incident that resulted in a loss of approximately $520,000 to $700,000 in a year. Cryptocurrency.
In this line, Blockchain Investigator ZackXBT Firstly Highlight Suspicious activity on May 22 after significant outflows from contracts linked to the platform were observed on Polygon (pee) Blockchain.
The incident involved rapid withdrawals, with reports suggesting that the attacker drained around 5,000 POL tokens every 30 seconds from addresses linked to Polymarket’s UMA CTF converter.
The converter serves as a key integrator for market settlement through UMA’s Optimistic Oracle system. The funds, primarily in USDC and POL, flowed to an attacker-controlled address starting with 0x8F98. The systematic nature of the banks suggested the use of an automated script.
Polymarket He responded Quickly, the team clarified that the hack did not stem from a vulnerability in the platform’s underlying smart contracts or the compromise of user funds.
Instead, the incident arose from the disclosure of a private key belonging to an old internal wallet, said to be six years old, used for reward payouts and system top-ups. The wallet held treasury funds rather than customer deposits or trading collateral.
Polymarket response
The engineers immediately turned the switches, It has been revoked Hacked access, collaboration with ZachXBT and several exchanges to track and recover portions of stolen assets.
According to updates, the platform successfully recovered around $164,000 of the total amount drained, which ranged between $573,000 and $700,000 depending on token price fluctuations at the time.
It is worth noting that trading on Polymarket It continued uninterrupted throughout the event, and was not affected by market decisions.
As one of the most prominent prediction markets, Polymarket processes large trading volumes, making such incidents particularly visible within the DeFi space.
