Polymarket Hack Live: $660,000 Stolen From World’s Largest Prediction Market

The post Polymarket Hack Live: $660,000 Stolen From World’s Largest Prediction Market appeared first on Coinpedia Fintech News

An attacker is actively draining funds from Polymarket’s UMA CTF Adapter contract on Polygon in a live exploit first identified by onchain investigator ZachXBT. Losses have climbed from an initial $520,000 to more than $660,000 as the attack continues, with the attacker removing approximately 5,000 POL tokens every 30 seconds.

Bubblemaps, Lookonchain, and PeckShield have all independently confirmed the exploit is ongoing. Users have been advised to pause all Polymarket activity immediately.

How the Attack Is Unfolding

The attacker wallet is executing repeated small withdrawals from contracts linked to Polymarket’s UMA CTF Adapter system on Polygon at a consistent 30-second interval. Each transaction removes approximately 5,000 POL tokens. The cumulative total has already exceeded $660,000 and is rising.

#PeckShieldAlert #ZachXBT reports that the Polymarket UMA CTF Adapter contract on #Polygon has potentially been exploited.

2 addresses (0x871D…9082 and 0xf61e…4805) have been drained of approximately $520K.

The attacker has already deposited a portion of the stolen funds… pic.twitter.com/ogne5K58mC

— PeckShieldAlert (@PeckShieldAlert) May 22, 2026

To complicate recovery efforts the attacker has already split stolen funds across 15 separate wallet addresses. A portion of the stolen funds has been deposited into ChangeNOW, a swap service that can be used to convert and obscure the origin of funds.

The primary exploit address has been identified as 0x8F98075db5d6C620e8D420A8c516E2F2059d9B91. PeckShield also flagged two additional drained addresses: 0x871D…9082 and 0xf61e…4805.

Polymarket’s Response

Polymarket confirmed it is investigating the issue and stated that user funds on the platform itself remain safe. The exploit appears contained to the UMA CTF Adapter contract rather than Polymarket’s core platform infrastructure.

No further official statement had been issued at the time of writing despite the attack remaining active.

What Users Should Do

Onchain security analysts are advising all Polymarket users to pause activity on the platform until the exploit is fully contained and Polymarket issues a formal update. Anyone with funds in contracts connected to the UMA CTF Adapter on Polygon should monitor their positions closely.

The exploit remains active. Loss figures are expected to rise further before the attack is contained.