Leading prediction market giant Polymarket has suffered a major security breach. Attackers targeted an internal wallet with compromised private keys and reportedly siphoned funds gradually over several hours. The attackers drained roughly $520,000 to $660,000 worth of crypto assets in the exploit.
Blockchain investigator ZachXBT was among the first to identify the exploit. According to on-chain data from PeckShieldAlert, the attacker removed roughly 5,000 POL tokens every 30 seconds before distributing the stolen funds across approximately 15 separate wallets. The breach has quickly gained attention due to Polymarket’s growing influence as one of the largest blockchain-based prediction platforms.
Attackers Slowly Drain Funds From Compromised Wallet
Initial reports suspected the compromised component was tied to Polymarket’s UMA CTF adapter infrastructure on Polygon. However, Polymarket has issued a public response through engineer Shanti Kiran, blaming the exploit on a compromised wallet used for internal operations. The wallet had a 6-year-old private key, which the exploiter must have found, enabling them to siphon the assets.
Reports estimate the attacker drained approximately $458,000 in USDC and roughly $199,700 worth of POL tokens. Combined estimates place total losses between $520,000 and $660,000. Meanwhile, at the time of reporting, the drainage activity appeared to have stopped.
The attack also unfolded gradually. On-chain records showed repeated transfers occurring every few seconds or minutes. In many cases, the attacker removed close to 5,000 POL per transaction, every 30 seconds. The repeated small transfers likely helped the attacker avoid immediate detection while steadily draining funds over time.
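As an added illustration (not code from Polymarket, ZachXBT or PeckShield), the Python example below shows how a wallet-monitoring job could flag the pattern described above: a long run of near-identical outflows at a steady interval. The function names, thresholds and transfer records are assumptions constructed for this example.

```python
from statistics import median

# Constructed sample outflows from one monitored wallet: (unix_seconds, amount_in_POL).
# Illustrative values only, not real on-chain data.
NORMAL = [(0, 120.0), (4000, 15000.0), (9100, 42.5), (20000, 800.0), (31000, 3000.0)]
DRAIN = [(100000 + 30 * i, 5000.0 - (i % 3)) for i in range(12)]


def _extends(run, tx, gap_tol, amt_tol):
    """True if tx continues the run: similar amount and (once known) similar gap."""
    amt = median(t[1] for t in run)
    if abs(tx[1] - amt) > amt_tol * amt:
        return False
    if len(run) < 2:
        return True  # only one prior transfer: no cadence yet, amount match suffices
    gap = median(b[0] - a[0] for a, b in zip(run, run[1:]))
    return abs((tx[0] - run[-1][0]) - gap) <= gap_tol * gap


def find_drip_drain(transfers, min_run=6, gap_tol=0.25, amt_tol=0.05):
    """Return a summary of the longest steady, same-size outflow run, or None.

    transfers: iterable of (timestamp, amount) in any order.
    min_run, gap_tol and amt_tol are hypothetical tuning values; calibrate them
    against the wallet's normal activity before alerting on them.
    """
    best, run = [], []
    for tx in sorted(transfers):
        if run and not _extends(run, tx, gap_tol, amt_tol):
            # Pattern broken: restart from the previous transfer if tx matches it.
            run = [run[-1]] if _extends([run[-1]], tx, gap_tol, amt_tol) else []
        run.append(tx)
        if len(run) > len(best):
            best = list(run)
    if len(best) < min_run:
        return None
    gaps = [b[0] - a[0] for a, b in zip(best, best[1:])]
    return {"count": len(best), "interval_s": median(gaps),
            "total": sum(a for _, a in best),
            "start": best[0][0], "end": best[-1][0]}


if __name__ == "__main__":
    print(find_drip_drain(NORMAL + DRAIN))
```

Unrelated transfers interleaved with the drain split the run, so a production monitor would typically group by destination address or evaluate several overlapping windows.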

Investigators also found that the attacker fragmented the stolen assets across roughly 15 different wallet addresses shortly after the exploit. Portions of the funds moved through swaps and routing services such as ChangeNOW. Attackers often split stolen assets across multiple wallets to complicate blockchain tracing efforts and reduce the risk of asset freezes.
Polymarket Says User Funds Remain Safe
According to Polymarket’s statement, user funds and market resolution systems remain unaffected. The statement disclosed the private key compromise that led to the exploit and sought to allay fears about Polymarket’s core smart contracts and prediction market infrastructure. The company also confirmed it is rotating backend keys and investigating whether any additional internal secrets may have been compromised.
The distinction is important because it suggests the breach stemmed from operational security weaknesses instead of a direct smart contract exploit. Many of this year’s crypto attacks have targeted similar infrastructure, as well as backend systems and admin permissions.
Recent industry data from PeckShield showed that crypto bridge exploits alone have already caused more than $328 million in losses this year. Attackers increasingly focus on operational vulnerabilities because major smart contracts now undergo heavier auditing and formal security reviews.












