The leading prediction market platform Polymarket is dealing with a suspected exploit on its UMA CTF Adapter contract deployed on the Polygon network. On-chain analyst ZachXBT first flagged the suspicious activity, which has resulted in repeated drains of approximately 5,000 POL tokens every 30 seconds.
On-Chain Details of the Suspected Exploit
ZachXBT confirmed the following addresses involved in the suspected exploit:
- Attacker address: 0x8F98075db5d6C620e8D420A8c516E2F2059d9B91
- Related contract: 0x91430CaD2d3975766499717fA0D66A78D814E5c5
- Related contract: 0x871D7c0f9E19001fC01E04e6cdFa7fA20f929082
- Related contract: 0xf61e39C7EB1E2Ff5af3A24bCA88D40fD11594805
Early estimates placed losses at $520,000, while later updates from on-chain trackers report totals between $600,000 and $660,000 in POL. Drained funds have been split across multiple wallets, with portions routed toward mixers and swap services such as ChangeNOW.
The UMA CTF Adapter serves as the key bridge for resolving Polymarket prediction markets. It connects to UMA’s Optimistic Oracle to settle yes or no outcomes for conditional tokens used in the platform’s markets. The adapter automatically sends resolution requests to the oracle when markets are created, as detailed in Polymarket’s open-source repository on GitHub.
Community Response and Safety Recommendations
Several analysts advised users to withdraw free funds and avoid new transactions until an official update arrives. One trader account reported that the exploit appears to have been fixed, but emphasized waiting for confirmation directly from the Polymarket team.
No official statement has been issued by Polymarket as of the latest available updates on May 22, 2026. Users are monitoring the platform’s X account and on-chain explorers for further information.
Polymarket’s Recent Security Incidents
This event adds to a series of prior security challenges for the platform. Verified community reports list the following incidents:
- November 2024: A phishing attack resulted in approximately $500,000 in losses.
- December 2025: An authentication provider hack impacted users, including those with 2FA enabled.
- February 2026: A nonce manipulation exploit targeted trading bots.
The current suspected exploit targets the UMA CTF Adapter specifically. Community observers note that it appears focused on resolution infrastructure balances rather than general user trading positions or core market liquidity.
Background on the UMA CTF Adapter
The adapter is an open-source component published in the Polymarket/uma-ctf-adapter GitHub repository. It functions as an oracle interface to the Conditional Tokens Framework, allowing Polymarket to resolve markets based on data from UMA’s Optimistic Oracle system. The contract on Polygon has processed tens of thousands of transactions historically, supporting the platform’s high-volume prediction markets on events ranging from elections to cryptocurrency prices.
Polymarket integrates UMA as one resolution source among options, with the adapter handling condition creation and settlement for displayed markets on polymarket.com. This setup enables decentralized resolution while relying on UMA’s dispute mechanism for accuracy. Recently Polymarket has launched prediction contracts tied to startup valuations and IPO activity worldwide.
Broader Context and Implications
Prediction markets like Polymarket have seen significant growth, often processing billions in volume and serving as real-time indicators for public sentiment. The platform’s reliance on oracle systems such as UMA makes the integrity of adapters critical for market settlements.
Earlier in 2025, Polymarket faced a separate UMA governance-related incident where a large token holder influenced a market resolution on a Ukraine-themed contract. That event involved voting power rather than direct fund drainage and was described by the platform as unprecedented at the time.
Today’s incident has sparked renewed discussions on about key management, legacy infrastructure risks, and the need for rapid response protocols in high-value DeFi platforms. Analysts continue tracking fund movements in real time, with calls for users to review wallet approvals connected to Polymarket and Polygon contracts.
