Polymarket · Oracle · Cointelegraph
Polymarket team says user funds safe as exploit losses climb above $600K
Compiled by KHAO Editorial — aggregated from 2 sources. See llms.txt for citation guidance.
✓ KHAO Verified
Polymarket said user funds and market resolution were safe after a suspected private key compromise tied to top-up operations.
Key facts
- Blockchain data platform Lookonchain estimated that about $660,000 was drained from the Polymarket-linked contract as of 9:01 am UTC on Friday
- Blockchain data visualization platform Bubblemaps said in a Friday X post that the attacker continues to remove about 5,000 POL tokens every 30 seconds, amassing about $600,000 in stolen funds so far
- Blockchain investigator ZachXBT first flagged the exploit as a compromise to the Polymarket-linked UMA Conditional Tokens Framework (CTF) Adapter contract on Polygon, with the exploiter draining
- Polymarket integrated UMA ’ s optimistic oracle solution on Feb. 3, 2022, enabling automated and decentralized resolution for its prediction market contracts
Summary
Polymarket confirmed a security exploit affected part of its infrastructure, pointing to a possible private key compromise involving a wallet used for top-up operations, while saying user funds and market resolution were safe. In a Friday X post, Polymarket developers said contracts and core infrastructure were unaffected. Blockchain investigator ZachXBT first flagged the exploit as a compromise to the Polymarket-linked UMA Conditional Tokens Framework (CTF) Adapter contract on Polygon, with the exploiter draining at least $520,000. However, Josh Stevens, Polymarket’s vice president of engineering, said the contracts were safe and that the exploit was limited to a six-year-old private key used for internal top-up operations.