Popular on-chain investigator ZachXBT warned earlier today that an administrative address belonging to Polymarket appears to have been compromised on the Polygon blockchain.
Initial estimates put the stolen amount at roughly $520,000. Subsequent updates from Bubblemaps and Lookonchain suggested the total may have exceeded $600,000 after the attacker moved funds through multiple addresses.
2/ @zachxbt was the first to share the exploit and identify that it was a Polymarket UMA CTF adapter contract.
The attacker has already split the funds across 15 addresses.
More updates soon.
Attacker address: https://t.co/G9sNVvunkT
— Bubblemaps (@bubblemaps) May 22, 2026
The attacker reportedly split the stolen assets across 15 separate addresses after exploiting Polymarket’s UMA CFT adapter contract. Blockchain trackers noted the distribution pattern as part of ongoing on-chain monitoring.
Polymarket representative Shantikiran Chanal acknowledged the incident on X, saying the team is “aware of the security reports linked to rewards payout” and reassuring users that “user funds and market resolutions are safe.”
Chanal added that the team is investigating whether any additional internal secrets were exposed and that they are rotating backend credentials and services as a precautionary measure.
At this stage, Polymarket’s public updates emphasize containment and investigation: they are working to determine the full scope of the breach, secure affected systems, and coordinate any necessary steps to protect users. On-chain analysts continue to track the attacker’s movements as the situation develops.