The leading prediction market platform Polymarket is dealing with a suspected exploit on its UMA CTF Adapter contract deployed on the Polygon network. On-chain analyst ZachXBT first flagged the suspicious activity, which has resulted in repeated drains of approximately 5,000 POL tokens every 30 seconds.
On-Chain Details of the Suspected Exploit
ZachXBT confirmed the following addresses involved in the suspected exploit:
- Attacker address: 0x8F98075db5d6C620e8D420A8c516E2F2059d9B91
- Related contract: 0x91430CaD2d3975766499717fA0D66A78D814E5c5
- Related contract: 0x871D7c0f9E19001fC01E04e6cdFa7fA20f929082
- Related contract: 0xf61e39C7EB1E2Ff5af3A24bCA88D40fD11594805
Early estimates placed losses at $520,000, while later updates from on-chain trackers report totals between $600,000 and $660,000 in POL. Drained funds have been split across multiple wallets, with portions routed toward mixers and swap services such as ChangeNOW.
The UMA CTF Adapter serves as the key bridge for resolving Polymarket prediction markets. It connects to UMA’s Optimistic Oracle to settle yes or no outcomes for conditional tokens used in the platform’s markets. The adapter automatically sends resolution requests to the oracle when markets are created, as detailed in Polymarket’s open-source repository on GitHub.
Community Response and Safety Recommendations
Several analysts advised users to withdraw free funds and avoid new transactions until an official update arrives. One trader account reported that the exploit appears to have been fixed, but emphasized waiting for confirmation directly from the Polymarket team.
No official statement has been issued by Polymarket as of the latest available updates on May 22, 2026. Users are monitoring the platform’s X account and on-chain explorers for further information.
Polymarket’s Recent Security Incidents
This event adds to a series of prior security challenges for the platform. Verified community reports list the following incidents:
- November 2024: A phishing attack resulted in approximately $500,000 in losses.
- December 2025: An authentication provider hack impacted users, including those with 2FA enabled.
- February 2026: A nonce manipulation exploit targeted trading bots.
The current suspected exploit targets the UMA CTF Adapter specifically. Community observers note that it appears focused on resolution infrastructure balances rather than general user trading positions or core market liquidity.
Background on the UMA CTF Adapter
The adapter is an open-source component published in the Polymarket/uma-ctf-adapter GitHub repository. It functions as an oracle interface to the Conditional Tokens Framework, allowing Polymarket to resolve markets based on data from UMA’s Optimistic Oracle system. The contract on Polygon has processed tens of thousands of transactions historically, supporting the platform’s high-volume prediction markets on events ranging from elections to cryptocurrency prices.
Polymarket integrates UMA as one resolution source among several options, with the adapter handling condition creation and settlement for markets displayed on polymarket.com. This setup enables decentralized resolution while relying on UMA’s dispute mechanism for accuracy. Recently, Polymarket launched prediction contracts tied to startup valuations and IPO activity worldwide.
Broader Context and Implications
Prediction markets like Polymarket have seen significant growth, often processing billions in volume and serving as real-time indicators for public sentiment. The platform’s reliance on oracle systems such as UMA makes the integrity of adapters critical for market settlements.
Earlier in 2025, Polymarket faced a separate UMA governance-related incident where a large token holder influenced a market resolution on a Ukraine-themed contract. That event involved voting power rather than direct fund drainage and was described by the platform as unprecedented at the time.
Today’s incident has sparked renewed discussions about key management, legacy infrastructure risks, and the need for rapid response protocols in high-value DeFi platforms. Analysts continue tracking fund movements in real time, with calls for users to review wallet approvals connected to Polymarket and Polygon contracts.
Latest Update as of 10:18 UTC, May 22, 2026
Following reports of a suspected exploit involving the UMA CTF Adapter on Polygon, Polymarket engineer Josh Stevens clarified that neither Polymarket nor UMA smart contracts were exploited. According to Stevens, all user funds remain safe and the platform continues to operate normally. The incident was traced to a compromised six-year-old private key used in an internal top-up configuration, which resulted in funds being sent to the affected address. Polymarket has since rotated the compromised key, revoked all associated production permissions, and announced plans to migrate all private keys to a Key Management Service (KMS)-based infrastructure to strengthen operational security and prevent similar incidents in the future.
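The transfer pattern reported in this incident, roughly equal amounts repeating on a short fixed interval, can be flagged by a monitor from transfer records alone. The sketch below is an added example, not code from Polymarket or UMA; the function name, thresholds, placeholder addresses and sample records are all assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample records: (unix_time, sender, recipient, amount_in_POL).
# Addresses are placeholders, not values from the article.
TOPUP, REFILLED = "0xTOPUP_PLACEHOLDER", "0xREFILLED_PLACEHOLDER"
TIMES = [1000, 1031, 1059, 1092, 1120, 1151, 1180, 1209]
AMOUNTS = [5000.0, 5000.0, 4998.7, 5000.0, 5001.2, 5000.0, 5000.0, 5000.0]
SAMPLE = [(t, TOPUP, REFILLED, a) for t, a in zip(TIMES, AMOUNTS)]
# Daily fixed payments: same amount, but far too slow to match.
SAMPLE += [(86400 * d, "0xPAYER_PLACEHOLDER", "0xVENDOR_PLACEHOLDER", 5000.0)
           for d in range(6)]
# Fast but irregular amounts: ordinary trading activity.
SAMPLE += [(2000 + 30 * i, "0xTRADER_PLACEHOLDER", "0xVENUE_PLACEHOLDER", a)
           for i, a in enumerate([10.0, 250.0, 3.0, 90.0, 47.0])]


def find_periodic_transfers(transfers, min_repeats=5, amount_tol=0.02,
                            interval_tol=0.25, max_interval=300):
    """Flag sender/recipient pairs sending near-equal amounts at a near-fixed short interval."""
    by_pair = defaultdict(list)
    for ts, src, dst, amount in transfers:
        by_pair[(src, dst)].append((ts, amount))

    findings = []
    for (src, dst), rows in by_pair.items():
        if len(rows) < min_repeats:
            continue
        rows.sort()
        amounts = [a for _, a in rows]
        gaps = [b[0] - a[0] for a, b in zip(rows, rows[1:])]
        mid_amount, mid_gap = median(amounts), median(gaps)
        if not 0 < mid_gap <= max_interval:
            continue  # too slow (or duplicate timestamps) to be this pattern
        steady_amount = all(abs(a - mid_amount) <= amount_tol * mid_amount for a in amounts)
        steady_gap = all(abs(g - mid_gap) <= interval_tol * mid_gap for g in gaps)
        if steady_amount and steady_gap:
            findings.append({"sender": src, "recipient": dst, "count": len(rows),
                             "median_amount": mid_amount, "median_interval_s": mid_gap})
    return findings


if __name__ == "__main__":
    for finding in find_periodic_transfers(SAMPLE):
        print(finding)
```

The same check can be used as a circuit breaker in front of an automated top-up job, pausing it when one recipient is refilled repeatedly within a short window.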














