Polymarket Loses About $600K in POL After Private-Key Breach

Polymarket says about $600,000 in POL was drained from an internal top-up wallet after a private-key compromise; user balances and market resolution were unaffected.

Polymarket reported that roughly $600,000 in POL tokens was drained on May 22 after a private-key compromise of an internal top-up wallet on the Polygon network. The team stated user balances and market resolution were not affected.

Public on-chain alerts first flagged a rapid sequence of POL transfers that some observers treated as a potential contract exploit. The alerts showed repeated transfers of about 5,000 POL at roughly 30‑second intervals. Blockchain transaction records show a transfer at 09:01:19 UTC moving 5,000 POL into a Polymarket-labeled UMA CTF Adapter Admin address and, seven seconds later, a transfer of 4,999.994 POL from that address to an attacker-tagged account.

Polymarket characterized the incident as an operational private-key compromise affecting a wallet used for internal refills and rewards payouts rather than a flaw in smart contracts or core infrastructure. The Polymarket Developers account wrote that findings pointed to a compromised key tied to a refiller service. Polymarket software engineer Shantikiran Chanal wrote, “User funds and market resolution are safe,” and noted the activity was linked to rewards payout reports.

A Polymarket-linked account added that the CTF contract was not exploited and described the affected address as part of a service that checks and refills balances every few seconds. Polymarket engineers reported rotating the affected address and investigating backend systems and secrets.
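The transfer pattern in the transaction records above (a top-up reaching the refilled address and nearly the full amount leaving seconds later, over and over) can be expressed as a monitoring rule. The following Python is an added example, not Polymarket's code; the address labels, record layout, thresholds and allowlist are assumptions, and the sample transfers are constructed from the amounts and the seven-second gap the article reports.

```python
from dataclasses import dataclass
from decimal import Decimal

@dataclass(frozen=True)
class Transfer:
    ts: int          # seconds since the first observed transfer
    src: str
    dst: str
    amount: Decimal  # POL

def find_sweeps(transfers, watched, max_delay=60, min_ratio=Decimal("0.99")):
    """Pair each top-up into `watched` with the first later outbound transfer
    that forwards at least min_ratio of it within max_delay seconds."""
    ordered = sorted(transfers, key=lambda t: t.ts)
    hits, used = [], set()
    for i, t_in in enumerate(ordered):
        if t_in.dst != watched:
            continue
        for j in range(i + 1, len(ordered)):
            t_out = ordered[j]
            if t_out.ts - t_in.ts > max_delay:
                break
            if j in used or t_out.src != watched:
                continue
            if min_ratio * t_in.amount <= t_out.amount <= t_in.amount:
                hits.append((t_in, t_out))
                used.add(j)
                break
    return hits

def sweep_alerts(transfers, watched, allowlist, min_repeats=2):
    """Destinations outside the allowlist that swept min_repeats or more top-ups."""
    counts = {}
    for _, t_out in find_sweeps(transfers, watched):
        if t_out.dst not in allowlist:
            counts[t_out.dst] = counts.get(t_out.dst, 0) + 1
    return {dst: n for dst, n in counts.items() if n >= min_repeats}

# Constructed sample data; every address below is a placeholder label.
REFILLER, WATCHED = "0xREFILLER", "0xTOPUP_WALLET"
UNKNOWN, REWARDS = "0xUNKNOWN_DEST", "0xREWARDS_RECIPIENT"
SAMPLE = [
    Transfer(0, REFILLER, WATCHED, Decimal("5000")),
    Transfer(7, WATCHED, UNKNOWN, Decimal("4999.994")),
    Transfer(30, REFILLER, WATCHED, Decimal("5000")),
    Transfer(37, WATCHED, UNKNOWN, Decimal("4999.994")),
    Transfer(60, REFILLER, WATCHED, Decimal("5000")),
    Transfer(66, WATCHED, UNKNOWN, Decimal("4999.994")),
    Transfer(90, REFILLER, WATCHED, Decimal("5000")),
    Transfer(95, WATCHED, REWARDS, Decimal("12.5")),  # ordinary small payout
]
```

A rule like this is most useful wired to the refiller itself, so that a repeated sweep to an unlisted destination pauses further top-ups instead of only raising an alert.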

Public records and alerts produced live loss estimates that varied, with figures cited at more than $520,000 and later near $600,000. Polymarket has not published a final audited loss figure or a complete list of affected addresses. The team advised users that their funds and market settlement processes were outside the affected operations.

Polymarket said it is rotating keys and continuing its investigation. The company has not disclosed whether refiller-service credentials were exposed or whether the compromised wallet had additional permissions.
