An attacker is allegedly actively draining funds from Polymarket’s UMA CTF Adapter contract on Polygon in a live exploit first identified by onchain investigator ZachXBT. Losses have climbed from an initial $520,000 to more than $660,000 as the attack continues, with the attacker removing approximately 5,000 POL tokens every 30 seconds.
Bubblemaps, Lookonchain, and PeckShield have all independently confirmed the exploit is ongoing. Users have been advised to pause all Polymarket activity immediately.
However, in a latest update, Polymarket’s VP of Engineering has issued a clarification. No Polymarket contracts were exploited. No UMA contracts were exploited. All user funds on the platform remain safe.
How the Attack Is Unfolding
The attacker wallet is executing repeated small withdrawals from contracts linked to Polymarket’s UMA CTF Adapter system on Polygon at a consistent 30-second interval. Each transaction removes approximately 5,000 POL tokens. The cumulative total has already exceeded $660,000 and is rising.
To complicate recovery efforts the attacker has already split stolen funds across 15 separate wallet addresses. A portion of the stolen funds has been deposited into ChangeNOW, a swap service that can be used to convert and obscure the origin of funds.
The primary exploit address has been identified as 0x8F98075db5d6C620e8D420A8c516E2F2059d9B91. PeckShield also flagged two additional drained addresses: 0x871D…9082 and 0xf61e…4805.
Polymarket confirmed it is investigating the issue and stated that user funds on the platform itself remain safe. The exploit appears contained to the UMA CTF Adapter contract rather than Polymarket’s core platform infrastructure.
No further official statement had been issued at the time of writing despite the attack remaining active.
Onchain security analysts are advising all Polymarket users to pause activity on the platform until the exploit is fully contained and Polymarket issues a formal update. Anyone with funds in contracts connected to the UMA CTF Adapter on Polygon should monitor their positions closely.
The exploit remains active. Loss figures are expected to rise further before the attack is contained.
CoinPedia has been delivering accurate and timely cryptocurrency and blockchain updates since 2017. All content is created by our expert panel of analysts and journalists, following strict Editorial Guidelines based on E-E-A-T (Experience, Expertise, Authoritativeness, Trustworthiness). Every article is fact-checked against reputable sources to ensure accuracy, transparency, and reliability. Our review policy guarantees unbiased evaluations when recommending exchanges, platforms, or tools. We strive to provide timely updates about everything crypto & blockchain, right from startups to industry majors.
All opinions and insights shared represent the author's own views on current market conditions. Please do your own research before making investment decisions. Neither the writer nor the publication assumes responsibility for your financial choices.
Sponsored content and affiliate links may appear on our site. Advertisements are marked clearly, and our editorial content remains entirely independent from our ad partners.
Every year, approximately $60 billion flows between the United States and Mexico through remittances and…
Elon Musk is already the richest person on earth by a considerable margin. After the…
Elon Musk's SpaceX is just hours away from launching the biggest IPO in history, while…
Story Highlights The live price of the RNDR token is . If demand for decentralized…
Chainlink price may only be up around 2% today, but beneath the surface, a much…
Story Highlights The live price of the LINK token is . LINK price prediction for…
