- Polymarket’s UMA CTF Adapter exploit drained more than $700K on Polygon
- Attackers reportedly siphoned funds every 20–30 seconds across multiple wallets
- Polymarket says core contracts and user funds remain unaffected
Polymarket just suffered a major exploit while reportedly negotiating a fresh funding round that could value the company around $15 billion. On May 22, attackers targeted the platform’s UMA CTF Adapter on Polygon, draining more than $700,000 worth of POL and MATIC through automated withdrawals happening roughly every 20 to 30 seconds.
On-chain investigator ZachXBT was first to publicly flag the exploit, identifying multiple compromised wallets before losses continued climbing throughout the morning. By the time the attack slowed, stolen funds had reportedly been spread across at least 15 separate wallet addresses.
The Exploit Hit Market Resolution Infrastructure
The compromised component was not Polymarket’s core trading engine itself, but the UMA CTF Adapter responsible for fetching resolution data from UMA’s Optimistic Oracle. In simple terms, it acts as part of the infrastructure deciding how prediction markets settle after events conclude.
Polymarket later stated on Discord that user funds remain safe and that the incident likely stemmed from a compromised private key tied to an internal wallet rather than a direct vulnerability in the main protocol contracts. Blockchain security firm PeckShield also confirmed that portions of the stolen funds were already routed through ChangeNOW shortly after the exploit occurred.
Still, when infrastructure tied to market settlement gets compromised, traders tend to notice pretty quickly.
This Isn’t Polymarket’s First Oracle Problem
The exploit also revived criticism surrounding Polymarket’s reliance on UMA’s oracle system. Back in March 2025, controversy erupted after a single participant allegedly controlling around 25% of UMA’s voting power forced the incorrect resolution of a $7 million prediction market.
That event already raised concerns about governance concentration and oracle reliability inside Polymarket’s ecosystem. Today’s exploit obviously differs technically, but it reinforces broader questions around how resilient the platform’s infrastructure really is under pressure.
And honestly, the timing could not look much worse.
Polymarket Was Reportedly Pursuing Massive Expansion
Reports earlier this year suggested Polymarket was in discussions to raise roughly $400 million at a valuation near $15 billion, following a separate strategic investment from Intercontinental Exchange reportedly worth around $600 million.
That rapid growth transformed Polymarket from a niche crypto prediction platform into one of the most closely watched betting markets in digital assets. The company increasingly positions itself as a serious information and forecasting platform, especially during elections, geopolitical events, and financial market volatility.
Which is why discovering a key management issue through ZachXBT instead of internal monitoring systems is probably not the headline investors wanted to see right now.
User Funds Survived, But Questions Remain
To Polymarket’s credit, the company says core contracts held up properly and customer funds were not directly impacted by the exploit. That is genuinely important, especially considering how much worse crypto exploits can become when protocol-level vulnerabilities are involved.
But incidents like this still damage confidence around operational security, particularly for platforms handling billions in trading activity and institutional capital discussions simultaneously. Prediction markets are built entirely on trust in settlement infrastructure. Once that trust gets shaken even slightly, scrutiny increases fast.
For now, Polymarket survived the incident without catastrophic damage. But between oracle controversies, key management failures, and growing institutional attention, the platform is entering a phase where operational mistakes are becoming far more expensive reputationally than they used to be.
