Overview
- On Friday, on‑chain investigator ZachXBT alerted that an attacker drained more than $520,000 in POL from addresses tied to Polymarket’s UMA CTF Adapter on Polygon.
- Analysts from PeckShield and Bubblemaps corroborated repeated withdrawals of about 5,000 POL at roughly 30‑second intervals and said stolen funds were split across many wallets and routed in part to ChangeNOW.
- Polymarket’s contributor Shantikiran Chanal said the incident appears isolated to an internal operations/admin wallet rather than core smart contracts and that user funds and market resolution remain safe.
- Investigators are actively tracing flows and rotating keys as on‑chain watchers report the exploiter dispersed proceeds to at least 15 separate addresses, a pattern consistent with early laundering.
- The episode compounds earlier account breaches tied to a third‑party auth provider and has put short‑term pressure on POL price while raising broader questions about DeFi operational security and recovery options.