Cryip
  • Home
  • News
  • Research & Analysis
  • Reviews & Comparisons
  • Learn Crypto
  • Features
  • Events
No Result
View All Result
Cryip
  • Home
  • News
  • Research & Analysis
  • Reviews & Comparisons
  • Learn Crypto
  • Features
  • Events
No Result
View All Result
Cryip
No Result
View All Result
Home News Security & Hacks

Suspected Exploit Drains Polymarket UMA CTF Adapter of Over $660,000 in POL Tokens on Polygon

Suspected Attack on Polymarket Drains Over $660K in POL from UMA CTF Adapter on Polygon

Akil Prasath LV by Akil Prasath LV
May 22, 2026
in Security & Hacks
0 0
Suspected Exploit Drains Polymarket UMA CTF Adapter of Over $660,000 in POL Tokens on Polygon
Share on FacebookShare on Twitter
MakeCryipCryippreferred onGoogle

The leading prediction market platform Polymarket is dealing with a suspected exploit on its UMA CTF Adapter contract deployed on the Polygon network. On-chain analyst ZachXBT first flagged the suspicious activity, which has resulted in repeated drains of approximately 5,000 POL tokens every 30 seconds.

On-Chain Details of the Suspected Exploit

ZachXBT confirmed the following addresses involved in the suspected exploit:

  • Attacker address: 0x8F98075db5d6C620e8D420A8c516E2F2059d9B91
  • Related contract: 0x91430CaD2d3975766499717fA0D66A78D814E5c5
  • Related contract: 0x871D7c0f9E19001fC01E04e6cdFa7fA20f929082
  • Related contract: 0xf61e39C7EB1E2Ff5af3A24bCA88D40fD11594805

Early estimates placed losses at $520,000, while later updates from on-chain trackers report totals between $600,000 and $660,000 in POL. Drained funds have been split across multiple wallets, with portions routed toward mixers and swap services such as ChangeNOW.

The UMA CTF Adapter serves as the key bridge for resolving Polymarket prediction markets. It connects to UMA’s Optimistic Oracle to settle yes or no outcomes for conditional tokens used in the platform’s markets. The adapter automatically sends resolution requests to the oracle when markets are created, as detailed in Polymarket’s open-source repository on GitHub.

Community Response and Safety Recommendations

Several analysts advised users to withdraw free funds and avoid new transactions until an official update arrives. One trader account reported that the exploit appears to have been fixed, but emphasized waiting for confirmation directly from the Polymarket team.

Related Story

Polymarket Sued in New York Over Strategy Bitcoin Prediction Market Dispute

Polymarket Sued in New York Over Strategy Bitcoin Prediction Market Dispute

July 7, 2026
Ctrl Wallet to Permanently Shut Down

Ctrl Wallet to Permanently Shut Down on August 3 After Cardano Security Exploit

July 7, 2026

No official statement has been issued by Polymarket as of the latest available updates on May 22, 2026. Users are monitoring the platform’s X account and on-chain explorers for further information.

Polymarket’s Recent Security Incidents

This event adds to a series of prior security challenges for the platform. Verified community reports list the following incidents:

  • November 2024: A phishing attack resulted in approximately $500,000 in losses.
  • December 2025: An authentication provider hack impacted users, including those with 2FA enabled.
  • February 2026: A nonce manipulation exploit targeted trading bots.

The current suspected exploit targets the UMA CTF Adapter specifically. Community observers note that it appears focused on resolution infrastructure balances rather than general user trading positions or core market liquidity.

Background on the UMA CTF Adapter

The adapter is an open-source component published in the Polymarket/uma-ctf-adapter GitHub repository. It functions as an oracle interface to the Conditional Tokens Framework, allowing Polymarket to resolve markets based on data from UMA’s Optimistic Oracle system. The contract on Polygon has processed tens of thousands of transactions historically, supporting the platform’s high-volume prediction markets on events ranging from elections to cryptocurrency prices.

Polymarket integrates UMA as one resolution source among options, with the adapter handling condition creation and settlement for displayed markets on polymarket.com. This setup enables decentralized resolution while relying on UMA’s dispute mechanism for accuracy. Recently Polymarket has launched prediction contracts tied to startup valuations and IPO activity worldwide.

Broader Context and Implications

Prediction markets like Polymarket have seen significant growth, often processing billions in volume and serving as real-time indicators for public sentiment. The platform’s reliance on oracle systems such as UMA makes the integrity of adapters critical for market settlements.

Earlier in 2025, Polymarket faced a separate UMA governance-related incident where a large token holder influenced a market resolution on a Ukraine-themed contract. That event involved voting power rather than direct fund drainage and was described by the platform as unprecedented at the time.

Today’s incident has sparked renewed discussions on about key management, legacy infrastructure risks, and the need for rapid response protocols in high-value DeFi platforms. Analysts continue tracking fund movements in real time, with calls for users to review wallet approvals connected to Polymarket and Polygon contracts.

Latest Update as of 10:18 UTC, May 22, 2026

Following reports of a suspected exploit involving the UMA CTF Adapter on Polygon, Polymarket engineer Josh Stevens clarified that neither Polymarket nor UMA smart contracts were exploited. According to Stevens, all user funds remain safe and the platform continues to operate normally. The incident was traced to a compromised six-year-old private key used in an internal top-up configuration, which resulted in funds being sent to the affected address. Polymarket has since rotated the compromised key, revoked all associated production permissions, and announced plans to migrate all private keys to a Key Management Service (KMS)-based infrastructure to strengthen operational security and prevent similar incidents in the future.

Disclaimer: Cryip is an independent media and research outlet providing news, data, and analysis on the cryptocurrency industry. Content is for informational and research purposes only and does not constitute financial, legal, tax, or investment advice. Cryptocurrency markets are volatile and past performance is not indicative of future results. References to specific assets, platforms, or incidents are for journalistic purposes only and do not imply endorsement, and readers assume full responsibility for their decisions.
Tags: Crypto HacksPolymarketPrediction Market

Related Posts

Polymarket Sued in New York Over Strategy Bitcoin Prediction Market Dispute
Market Updates

Polymarket Sued in New York Over Strategy Bitcoin Prediction Market Dispute

by Ilampirai Arivazhagan
July 7, 2026

Two Polymarket users have filed a lawsuit in New York alleging the prediction market platform improperly settled a market tied...

Read moreDetails
Ctrl Wallet to Permanently Shut Down

Ctrl Wallet to Permanently Shut Down on August 3 After Cardano Security Exploit

July 7, 2026
Trader Loses $2M After ETH Swap to LIT Routes Through AVAIL Pool

Trader Loses $2M After ETH Swap to LIT Routes Through AVAIL Pool

July 7, 2026
Web3 Security Losses Hit $1.31 Billion

Web3 Security Losses Hit $1.31 Billion in H1 2026 as Drift Protocol Hack Tops $285M

July 7, 2026

Bonk DAO Lose $20 Million in Governance Attack as BONK Price Drop Over 9%

July 7, 2026
Summer.fi Drained of $6 Million

Summer.fi Drained of $6 Million in Flash Loan Exploit on LazyVault

July 6, 2026
Ill Bloom Vulnerability Puts Thousands of Crypto Wallets at Risk

Ill Bloom Vulnerability Puts Thousands of Crypto Wallets at Risk

July 6, 2026
Next Post
Polymarket Aims to Launch Prediction Markets in Japan by 2030

Polymarket Aims to Launch Prediction Markets in Japan by 2030

Polymarket Blocked in India as MeitY Targets Prediction Market Platforms

Polymarket Blocked in India as MeitY Targets Prediction Market Platforms

Recommended

  • All
  • News
EDX Markets Raises $76M Led by SBI Holdings to Expand Institutional Crypto Trading Infrastructure

EDX Markets Raises $76M Led by SBI Holdings to Expand Institutional Crypto Trading Infrastructure

July 7, 2026
Tether Invests $20 Million

Tether Invests $20 Million in Mercado Bitcoin to Expand Latin America’s Onchain Finance

July 7, 2026
Digital Chamber Intervenes in Dormant Bitcoin Ownership Case in New York

Digital Chamber Intervenes in Dormant Bitcoin Ownership Case in New York

July 7, 2026
Polymarket Sued in New York Over Strategy Bitcoin Prediction Market Dispute

Polymarket Sued in New York Over Strategy Bitcoin Prediction Market Dispute

July 7, 2026
Ctrl Wallet to Permanently Shut Down

Ctrl Wallet to Permanently Shut Down on August 3 After Cardano Security Exploit

July 7, 2026
M1X Global Secures $5.5M Seed Round Backed by Paradigm to Expand USDM1

M1X Global Secures $5.5M Seed Round Backed by Paradigm to Expand USDM1

July 7, 2026
Coinbase Secures UK MiFID License to Expand Into Equities and Derivatives

Coinbase Secures UK MiFID License to Expand Into Equities and Derivatives

July 7, 2026
Trader Loses $2M After ETH Swap to LIT Routes Through AVAIL Pool

Trader Loses $2M After ETH Swap to LIT Routes Through AVAIL Pool

July 7, 2026

Cryip focuses on crypto research and on-chain analysis, supported by coverage of markets, regulation, security events, and blockchain ecosystems.

Recent Posts

  • KOR Protocol Secures $7.5 Million Series A at $100 Million Valuation Led by 1kx and Blockchain Capital
  • EDX Markets Raises $76M Led by SBI Holdings to Expand Institutional Crypto Trading Infrastructure
  • Tether Invests $20 Million in Mercado Bitcoin to Expand Latin America’s Onchain Finance

Categories

  • AI × Crypto
  • Data & Dashboards
  • DeFi Basics
  • Investing Basics
  • Market & Price
  • Market Updates
  • On-Chain Analysis
  • OpSec
  • Policy & Regulation
  • Post Mortems
  • Press Release
  • Reports
  • Scams & Fraud
  • Security & Hacks
  • Stablecoins
  • Tokenomics
  • VC & Funding
  • Wallets & Custody

Company

  • About Us
  • Contact Us
  • Editorial Standards & Integrity
  • Our Team
  • Privacy Policy
  • Review Methodology
  • Terms and Conditions
  • Trust, Disclosures & Independence

© 2026 Cryip - Research-Driven Crypto Analysis & News by Hashlays.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

No Result
View All Result
  • Home
  • News
  • Research & Analysis
  • Reviews & Comparisons
  • Learn Crypto
  • Features
  • Events

© 2026 Cryip - Research-Driven Crypto Analysis & News by Hashlays.

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.