ZachXBT Flags Polymarket Smart-Contract Exploit With $520,000 in Losses

2026-5-22 11:32

On-chain investigator ZachXBT issued a community alert flagging an apparent exploit of Polymarket’s UMA CTF Adapter.

The UMA CTF Adapter is the smart contract that lets Polymarket’s prediction markets settle using UMA’s Optimistic Oracle.

According to the alert, attackers have drained more than $520,000 so far. ZachXBT highlighted that the attacker’s address was 0x8F98075db5d6C620e8D420A8c516E2F2059d9B91.

According to Bubblemaps, the exploiter has since dispersed the proceeds across 15 addresses. This pattern is typically seen in the early stages of an on-chain laundering attempt.

ALERT: 🚨 Polymarket contract exploited

Attackers are removing 5,000 $POL every 30 seconds – $600k stolen so far

Pause all Polymarket activity for now pic.twitter.com/DpqOp5ggVj

— Bubblemaps (@bubblemaps) May 22, 2026

However, Polymarket’s VP of Engineering, Josh Stevens, later clarified that neither Polymarket nor UMA smart contracts were compromised. 

“All user funds are safe, and using Polymarket.com is safe, so business as usual,” Stevens said.

According to Stevens, the breach stemmed from a six-year-old private key tied to Polymarket’s internal top-up configuration, which is why funds were being routed to the wallet flagged by on-chain investigators.

The team has since rotated the compromised key, revoked all production permissions associated with it, and is in the process of migrating all private keys to KMS-based key management going forward.

With @zachxbt leading the effort alongside @Bitcoin_Vietnam and @ChangeNOW_io, we managed to freeze $164,000 of the $573,200 in funds transferred from the compromised private key.

Really was a team effort, and it was amazing how quickly everyone reacted. Thanks to everyone who… https://t.co/LW2pHZuFG7

— Josh (@devjoshstevens) May 22, 2026

The Polymarket incident lands amid a broader spike in DeFi exploits this month. Five separate hacks have occurred in the past week alone, pushing the monthly tally for May to 19, according to DeFiLlama data. Cumulative losses across those incidents have reached roughly $38.2 million.

The post ZachXBT Flags Polymarket Smart-Contract Exploit With $520,000 in Losses appeared first on BeInCrypto.
