On 22.05.2026, the Polymarket prediction-market contract on the Polygon network suffered an attack that drained funds quickly through multiple transactions over several minutes.

Incident summary

The attackers extracted approximately $700 000, transferring assets in increments of 5 000 POL roughly every 30 seconds, used from an internal operational wallet.

Cause and scope

Polymarket attributed the breach to a compromised private key tied to an internal wallet handling operational transfers and market settlements.

The company said smart contracts and core infrastructure were not affected, and that there is no flaw in platform code.

Transaction pattern and possible vector

Attackers moved funds in regular pulses, withdrawing about 5 000 POL every 30 seconds, which indicates automated transfers and reduced likelihood of manual operator involvement.

Investigators flagged a potential link to the UMA CTF Adapter Polymarket contract on Polygon, which handles market outcome calculations and reconciliation processes.

Funds flow and tracing

Some stolen assets were routed through the cryptocurrency service ChangeNOW, a common mixing step intended to complicate blockchain tracing and hinder attribution efforts.

Response and investigation

Polymarket confirmed awareness of the incident and assured that user funds and market settlement processes remain secure during the ongoing investigation.

Specific attacker wallet addresses and identities have not been disclosed in public materials, and the platform is coordinating with forensic teams.

Polymarket continues monitoring on-chain activity and pursuing recovery options while keeping market calculations operational and informing affected users through official channels.