Polymarket: User funds safe after $600K Polygon drain

A compromised six-year-old private key used for internal top-ups let an attacker drain about $600,000 in POL on Polygon; Polymarket says contracts and user funds were not affected.

Polymarket confirmed on Friday that a security breach affected part of its infrastructure after a six-year-old private key used for internal top-up operations was compromised, allowing an attacker to withdraw roughly $600,000 worth of POL tokens on the Polygon network. The company said its market contracts and core infrastructure were not impacted and that user account balances and market resolutions remain intact.

A blockchain investigator flagged the incident as a compromise of a Polymarket-linked UMA Conditional Tokens Framework (CTF) adapter contract on Polygon. Polymarket engineering reported the issue was limited to the old private key and that permissions tied to it have been revoked.

On-chain records reviewed by analytics platforms showed more than 100 small deposits into the attacker address, followed by repeated withdrawals of about 5,000 POL tokens. One platform observed the attacker removing roughly 5,000 POL every 30 seconds, bringing identified losses to about $600,000. Another estimate put the total at roughly $660,000 as of 9:01 a.m. UTC on Friday. Earlier tallies placed the initial loss near $520,000.

The affected contract is the UMA CTF adapter, an oracle interface that relays market outcomes to UMA’s Optimistic Oracle to resolve Polymarket prediction markets. Polymarket integrated UMA’s optimistic oracle on Feb. 3, 2022.

Polymarket product lead Akanshu Jain posted that ‘user funds and market resolution are safe.’ Vice president of engineering Josh Stevens wrote that ‘contracts were safe’ and added that all permissions tied to the compromised key have been revoked. The company said the breach affected only internal top-up operations and not the market contracts that hold user positions or escrow funds used for resolution.

Polymarket removed the compromised key’s access and opened an investigation into how the key was exposed and whether additional mitigations are needed. Polymarket and UMA were contacted for comment; public posts on X and internal messages have provided the primary account of the incident so far.
