Attackers have reportedly hit prediction market platform Polymarket with a private key hack and stolen roughly $700,000 worth of crypto.
Crypto sleuth ZachXBT first flagged the attack earlier today, noting, “A Polymarket deployer address appears to have been compromised on Polygon.”
Crypto security firm Bubblemaps later confirmed that an exploit was underway and that the hacker was stealing 5,000 POL ($460) every 30 seconds.
It added that the stolen funds were split across 16 addresses before being moved to centralised crypto exchanges, and that ~$700,000 has been stolen so far.
Polymarket’s developer X account said it is aware of the incident “linked to rewards payout,” and claimed, “user funds and market resolution are safe.”
It claimed, “Findings point to a private key compromise of a wallet used for internal top-up operations, not contracts or core infrastructure.”
Read more: Are Polymarket and Kalshi decentralized?
Polymarket developer Josh Stevens also noted that the incident is “not a contract hack,” and that it’s likely a compromise of an old private key.
The funds were taken from a crypto address associated with Polymarket’s UMA system, the platform’s oracle system that relies on tokenholders to resolve disputes on disputed outcomes.
The attacker’s last transaction from this UMA address was at 09:00 UTC, roughly 40 minutes before time of writing.
Week of hacks, insider trading, and inquiries for Polymarket
It’s been a turbulent week for Polymarket, with the firm also being the subject of an inquiry in South Korea over potential gambling violations.
The country’s Korea Communications Standards Commission wants to know if the platform’s services constitute gambling.
Bubblemaps also suspects that a large case of insider trading has been taking place on the platform that involves the leaking of US military secrets.
Read more: Polymarket users try manipulate Israeli journalist with death threats, report
Bubblemaps claims that nine accounts were able to make over $2.4 million betting on military markets with a 98% win rate.
The firm has repeatedly drawn criticism over insider trading, and has witnessed suspicious trades on markets involving Israeli strikes against Iran and the US’s kidnapping of Venezuelan President Nicolás Maduro.
Polymarket launched a new type of trading this week that allows users to bet on future valuations, IPO timings, and secondary share price action involving private companies such as OpenAI, SpaceX, and Anthropic.
Polymarket also reportedly appointed a Japanese representative as it lobbies for regulatory approval within Japan.
Got a tip? Send us an email securely via Protos Leaks. For more informed news and investigations, follow us on X, Bluesky, and Google News, or subscribe to our YouTube channel.
The post Polymarket exploited for $700K in private key hack appeared first on Protos.
