Polymarket Exploited — Attacker Steals $660K and Counting

Polymarket, the world’s largest decentralized prediction market platform. It is facing a suspected smart contract exploit after attackers reportedly drained more than $660,000 from a Polygon-based adapter contract on May 22, 2026. 

Warning: #Polymarket's contract appears to be exploited, and the attacker is stealing funds.

So far, more than $660K has already been stolen.

Source: @zachxbthttps://t.co/WXvRwtWEFs pic.twitter.com/sIa0FWEEzo

— Lookonchain (@lookonchain) May 22, 2026

The incident was first flagged by on-chain investigator ZachXBT. He warned that Polymarket’s UMA CTF Adapter contract may have been compromised. According to multiple blockchain trackers, the attacker continuously withdrew small batches of POL and MATIC tokens every few seconds. Through a suspected exploit tied to legacy oracle infrastructure. The ongoing drain has quickly turned into one of the biggest Polymarket News stories of the month.

ZachXBT Flags Suspicious Polymarket Activity

The initial Polymarket ZachXBT alert identified two affected contracts:

• 0x871D7c0f9E19001fC01E04e6cdFa7fA20f929082
• 0x91430CaD2d3975766499717fA0D66A78D814E5c5

The suspected attacker wallet was identified as:

• 0x8F98075db5d6C620e8D420A8c516E2F2059d9B91

Blockchain monitoring data later showed repeated withdrawals of roughly 5,000 MATIC every 20-30 seconds. Some transactions exceeded 9,900 MATIC before funds were routed through additional wallets. Lookonchain later confirmed the exploit had surpassed $660,000 in losses. While warning users to avoid new deposits or trading activity until more information becomes available.

UMA Adapter Contract Appears Targeted

Early reports suggest the exploit involves Polymarket’s UMA CTF Adapter on Polygon. The adapter acts as a bridge between UMA’s oracle infrastructure and Polymarket’s Conditional Tokens Framework. That system helps resolve prediction market outcomes across the platform. Security researchers believe the attacker may have exploited an old private key or legacy permission setup tied to the adapter contract. Rather than breaching Polymarket’s core trading infrastructure directly. The repeated small transfers suggest an automated draining strategy rather than a single large exploit transaction. Community members also warned that funds may already be moving toward laundering routes or intermediary wallets.

Why This Matters for Investors

For users and traders, the exploit raises fresh concerns about smart contract security across decentralized prediction markets. Polymarket processes large betting volumes tied to elections, geopolitics, and financial markets. Therefore, any exploit can damage user confidence quickly. 

Some traders now fear:

• Temporary liquidity withdrawals
• Reduced trading activity
• Increased platform caution
• Broader trust issues around DeFi prediction markets

If the exploit continues growing, competitors could temporarily benefit as users shift activity elsewhere. The incident also highlights how even mature DeFi platforms remain exposed to infrastructure vulnerabilities.

Developers Face Another Security Wake-Up Call

For developers, the exploit reinforces the importance of key rotation, continuous audits, and strict contract permission management. Legacy adapter contracts and oracle integrations often become overlooked attack surfaces over time. This case may push more DeFi teams toward:

• Multi-signature controls
• Formal verification tools
• Real-time monitoring systems
• Faster emergency pause mechanisms

The attack could also accelerate discussions around oracle security standards across Polygon and broader DeFi ecosystems.

Polymarket Response and Outlook

At the time of writing, Polymarket had not released a full public technical breakdown of the exploit. However, community alerts continue advising users to remain cautious until contract activity stabilizes. As Polymarket news continues developing. The investigators will likely focus on whether funds can be frozen or partially recovered through coordinated blockchain tracing efforts. For now, the incident serves as another reminder that security remains one of crypto’s biggest long-term challenges. Especially as decentralized finance platforms continue scaling globally.