Polymarket, the world's largest decentralised prediction market, suffered its first confirmed security incident on May 22, 2026, when attackers drained more than $520,000 from an internal operations wallet tied to the platform's rewards payout infrastructure on Polygon.

Blockchain investigator ZachXBT was the first to flag the breach, posting to his Telegram channel that Polymarket's UMA CTF Adapter contract on Polygon was suspected of being targeted. On-chain analytics account Bubblemaps reported that at peak, attackers were removing 5,000 POL tokens every 30 seconds from the affected addresses.

Security firm PeckShield identified two drained addresses on Polygon — 0x871D7c0f9E19001fC01E04e6cdFa7fA20f929082 and 0x91430CaD2d3975766499717fA0D66A78D814E5c5 — with stolen funds routed to attacker address 0x8F98075db5d6C620e8D420A8c516E2F2059d9B91. PeckShield subsequently reported that the attacker had already deposited a portion of the stolen funds into ChangeNOW, a non-custodial exchange, complicating recovery efforts.

Not a protocol exploit — a key leak

The official Polymarket Developers account on X moved quickly to clarify the nature of the incident. "We are aware of the security reports linked to rewards payout. User funds and market resolution are safe," the account wrote. The team's further statement was specific: "Findings point to a private key compromise of a wallet used for internal top-up operations, not contracts or core infrastructure."

That distinction matters. The UMA CTF Adapter is the contract layer that ties Polymarket's prediction market tokens to UMA's Optimistic Oracle — the external settlement system used to resolve disputed real-world outcomes. Polymarket's markets use a Conditional Token Framework that mints "Yes" and "No" tokens for each market; the adapter links those tokens to UMA's oracle for final resolution. A compromise of the private key controlling a wallet that interacts with that system can drain funds flowing through the rewards and operational layer without touching user deposits or altering market resolution logic.

Polygon Labs' Chief Technology Officer, Mudit Gupta, corroborated this reading in an X post: "Polymarket contracts are safe. User funds are safe. Looks like their market initializer was compromised. No impact to the users or the contracts."

Polymarket product lead Mustafa Aljadery added further technical colour: "The CTF contract is not exploited, it's an internal address we use for ops. POL was being sent to that address because it was in an internal refiller service that checks and refills balances every couple of seconds. All user funds are safe and the address is being rotated."

What the incident exposed

The refiller service Aljadery described is an automated top-up mechanism that periodically checks internal operational addresses and replenishes their POL token balances. By obtaining the private key to one of those addresses, attackers turned that mechanism against Polymarket — the system kept sending POL in, and the attacker kept sending it out. The Bubblemaps figure of 5,000 POL per 30 seconds is consistent with a script systematically emptying a continuously replenished wallet.

This class of attack — private key compromise against an operational hot wallet — is distinct from smart contract exploits, which target flaws in protocol code itself. The fact that the core UMA CTF Adapter logic was not manipulated means existing open positions, market resolutions, and user balances on Polymarket were unaffected. Polymarket has processed billions of dollars in prediction market volume; the compromised wallet was an administrative layer, not the settlement layer.

The decision to route stolen funds to ChangeNOW is notable. ChangeNOW is a non-custodial, registration-free swap service that does not require account creation or identity verification for standard transactions, making it a common first hop for attackers looking to obfuscate on-chain trails before moving to exchanges with liquidity.

Scope and significance

At more than $520,000, the incident represents a meaningful operational loss but not an existential threat to a platform of Polymarket's scale. Polymarket became the largest prediction market globally during the 2024 U.S. election cycle, when it processed more than $3.5 billion in election-related volume. The platform has continued to expand its market categories and user base since.

What the incident does expose is the operational security surface of platforms that run automated wallet infrastructure at scale. Any service that maintains continuously funded operational wallets — for gas top-ups, rewards distributions, or contract initialisation — carries a private key risk that is entirely separate from the security of its on-chain contracts. Polymarket's core protocol held. Its key management did not.
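The refill loop described under "What the incident exposed", and the wider point above about continuously funded wallets, can be bounded by a latching circuit breaker in front of the top-up job. The sketch below is an added example, not Polymarket's code: the class, the thresholds, the placeholder addresses and the timeline are all constructed assumptions, with only the 5,000 POL per 30 seconds rate taken from the article.

```python
from collections import deque

class RefillGuard:
    """Hypothetical latching circuit breaker in front of a wallet top-up job."""

    def __init__(self, allowlist, window_s=300, max_refill=20_000.0):
        self.allowlist = set(allowlist)   # destinations the ops wallet may pay
        self.window_s = window_s          # sliding window, seconds (assumed)
        self.max_refill = max_refill      # POL allowed per window (assumed)
        self.refills = deque()            # (timestamp, amount) of top-ups sent
        self.tripped = None               # reason string once halted

    def observe_transfer(self, ts, amount, dest):
        """Feed every outbound value transfer seen from the ops wallet."""
        if dest not in self.allowlist and self.tripped is None:
            self.tripped = f"{amount} POL sent to unlisted {dest} at t={ts}"

    def allow_refill(self, now, amount):
        """Return True if the top-up may be sent; stay shut once tripped."""
        if self.tripped:
            return False
        while self.refills and self.refills[0][0] <= now - self.window_s:
            self.refills.popleft()
        if sum(a for _, a in self.refills) + amount > self.max_refill:
            self.tripped = "refill budget for window exceeded"
            return False
        self.refills.append((now, amount))
        return True


def simulate(guard, sees_outflows, ticks=20, step_s=30, topup=5_000.0):
    """Constructed timeline: the wallet is emptied each tick and the refiller
    then tries to restore it. Returns the total POL the refiller sent."""
    sent = 0.0
    for i in range(ticks):
        now = i * step_s
        if i and guard and sees_outflows:
            guard.observe_transfer(now, topup, "0xUNLISTED_PLACEHOLDER")
        if guard is None or guard.allow_refill(now, topup):
            sent += topup
    return sent


ALLOW = {"0xKNOWN_CONTRACT_PLACEHOLDER"}             # constructed allowlist
unguarded = simulate(None, False)                    # no breaker at all
with_monitor = simulate(RefillGuard(ALLOW), True)    # outflows are observed
budget_only = simulate(RefillGuard(ALLOW), False)    # only the spend cap acts
```

Over the same ten-minute constructed timeline the unguarded refiller sends 100,000 POL, the spend cap alone stops it at 20,000, and destination monitoring stops it after the first 5,000. The breaker stays tripped until an operator resets it, which is the point at which the key would be rotated.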

ZachXBT's rapid identification of the drain and the affected addresses, followed within minutes by official confirmation from both Polymarket's developer account and Polygon's CTO, represents a faster-than-average disclosure loop for a DeFi incident. Aljadery confirmed the affected address is being rotated, which would cut off the attacker's access to any further incoming POL from the refiller service.

Polymarket has not yet issued a broader statement from its main X account. CoinDesk, which broke the story, reported the company was contacted for additional comment as of publication.