Polymarket Says Private Key Breach Drained $600,000 From Top-Up Operations, Funds Safe

Polymarket said a security exploit drained more than $600,000 from its prediction market platform after a suspected private key compromise targeted top-up operations, while the company said no user funds were touched and market resolutions kept running without a hiccup.

“Polymarket, theprediction market platformrunning on Polygon, was hit by a security incident on May 22 after an attacker drained an estimated $600,000 in POL tokens from what the company later confirmed was an internal operations wallet, not a user-facing contract”

BanklessTimes

Reuters-linked reporting in the Currency analytics piece described the breach as hitting top-up procedures rather than individual account holdings, with Polymarket locking down the compromised key and shoring up systems around it.

BanklessTimes

The Currency analytics account also said Polymarket had not publicly explained how the key was exposed and that it was actively investigating the root cause without providing a timeline for answers.

In a separate account, CoinDesk said ZachXBT highlighted a suspected security breach in which more than $520,000 was stolen from two smart contracts on Polygon, while Polymarket developers said the incident stemmed from a private key compromise of an internal operational wallet linked to rewards payout.

In a Friday X post, Polymarket developers said contracts and core infrastructure were unaffected, and product lead Akanshu Jain and other employees also said user funds and market resolution were safe.

CoinDesk reported that Polygon Labs CTO Mudit Gupta commented, stating: "Polymarket contracts are safe. Users' funds are secure."

CoinDesk

Cointelegraph’s account tied the suspected exploit to the Polymarket-linked UMA Conditional Tokens Framework (CTF) Adapter contract on Polygon, saying the exploiter drained at least $520,000.

Cointelegraph also reported that Josh Stevens, Polymarket’s vice president of engineering, said the exploit was limited to a six-year-old private key used for internal top-up operations and that all permissions tied to the key had been revoked.

Multiple reports described an ongoing drain pattern tied to top-up or adapter-related operations, with TradingView saying the exploit losses climbed above $600,000 and that the attacker removed about 5,000 POL tokens every 30 seconds.

“ZachXBT flags a $520,000 exploit on Polymarket on Polygon, the team says the funds are safe”

CoinDesk

TradingView also said Polymarket’s vice president of engineering, Josh Stevens, claimed the exploit was limited to a six-year-old private key used for internal top-up operations and that all permissions tied to the key had been revoked.

The MEXC Exchange account said Polymarket clarified that no Polymarket contracts and no UMA contracts were exploited, while losses climbed from an initial $520,000 to more than $660,000 as the attack continued.

Bitget’s separate crypto incident coverage described THORChain’s response to a malicious node operator exploiting a vulnerability in its GG20 threshold signature system to drain about $10.7 million from one of the protocol’s vaults, with automatic solvency checks triggering within minutes and halting signing and trading across multiple chains.