How an Old Private Key Triggered the Polymarket Exploit

Polymarket said user funds and market resolution were safe after a rapid wallet drain on Polygon triggered concerns about a possible platform-level security breach.

On-chain investigator ZachXBT was the first to flag the Polymarket exploit. He said a Polymarket-linked admin address appeared to have been compromised on Polygon. Early estimates placed the loss above $520,000, while later tracking from Bubblemaps suggested the figure had climbed toward $700,000.

The incident drew attention because the Polymarket hack involved one of the most visible platforms in the prediction markets sector. Users rely on its contracts and settlement systems to record market positions and pay out winning outcomes after events resolve.

Internal wallet, not core contracts

Josh Stevens, VP of Engineering at Polymarket, later said an approximately six-year-old private key connected to UMA-related top-up operations had been compromised. UMA is part of the oracle infrastructure Polymarket uses when disputed markets require token-holder resolution.

Stevens said the compromised wallet handled internal top-up functions. The main Polymarket contracts were not exploited. He also said the team revoked all permissions tied to the affected key immediately after identifying the breach.

Shantikiran Chanal, who works on the Polymarket protocol team, also publicly addressed the incident and reiterated that the exploit did not affect user funds or market resolution systems.

A smart-contract exploit would have raised broader concerns about user positions, balances, and settlement mechanics. An operational wallet breach points more directly to key management and internal permissions.

Polygon Labs CTO Mudit Gupta also said Polymarket contracts and user funds were safe, adding that the issue appeared to involve a compromised market initializer rather than user-facing infrastructure.

Loss estimates moved higher

The first alerts described more than $520,000 in losses. Later reporting placed the officially confirmed loss figure at approximately $573,000, while Bubblemaps estimated the total closer to $700,000.

Bubblemaps said the stolen funds were split across 16 addresses and routed through centralized exchanges and other services. The visible on-chain pattern reportedly included repeated 5,000 POL transfers roughly every 30 seconds during the active drain phase.

The incident also triggered a partial recovery effort. ZachXBT, working alongside ChangeNOW, said approximately $164,000 of the stolen funds had been frozen.

Estimates changed repeatedly during the first hours after the exploit as investigators traced wallet movements on-chain.

Were user funds at risk?

For everyday users, the key question is whether deposited funds, active positions, or market payouts were at risk. Based on statements from Polymarket executives and protocol contributors, the answer appears to be no. The affected wallet supported internal operational functions, not user market balances.

The incident also highlights a familiar problem in crypto infrastructure: operational wallets. Smart contracts can function as intended while privileged back-end systems remain vulnerable to compromised keys or excessive permissions.

Platforms that rely on automated funding or reward systems face this risk more often because compromised wallets can continue draining funds until permissions are revoked.

>>> Read more: Polymarket Account Breach Linked to Third-Party Login Provider

Unanswered questions after the exploit

Polymarket has not yet released a full public post-mortem on the exploit or explained how the six-year-old private key was compromised and which internal systems the attacker accessed.

The remaining questions center on operational controls. Are similar legacy wallets still active internally? What monitoring changes did the team introduce after the breach?

The freezing of approximately $164,000 in stolen funds may reduce the final realized losses. The incident is unlikely to affect market outcomes or user balances directly. It does, however, raise questions about how teams manage older operational wallets prediction markets continue to grow.