logo

AI

Guides

Ecosystems

Markets

NFT

Security

Regulation

  • markets
  • security
  • news
  • 1 hour

Polymarket Admin Wallet Compromised, Hacker Drains Over Half a Million Dollars

The prediction platform’s developers confirmed a private key exploit resulting in a $520,000 drain, but assured users that customer funds are completely safe.

0

nft.eu
  • rating +26
  • subscribers 113

According to prominent onchain sleuth ZachXBT, bad actors compromised a Polymarket admin address deployed on the Polygon network. The attacker swiftly emptied the balances and began routing the liquidity into their own wallets. The project team has already owned up to the incident and deployed an emergency audit of their backend systems.

Scale of the exploit

Blockchain analysts initially suspected a vulnerable flaw within the smart contracts themselves. However, later reports confirmed a total takeover of an operational wallet instead. By the time the exploit was caught, the hacker had already managed to siphon off roughly $520,000.

The malicious activity targeted an internal address utilized by the team for technical operations. The hacker struck two operational wallets before funneling the stolen digital dollars into their main stash.

The team responds

The Polymarket crew reacted swiftly to the breach, shedding light on the vulnerability. Project developer Shantikiran Chanal confirmed that the attack specifically targeted the rewards payout segment.

"Findings point to a private key compromise of a wallet used for internal operations, not contracts or core infrastructure. User funds and market resolution are safe," Chanal stated.

The developer added that team engineers are currently in the middle of an emergency key rotation across backend services while hunting for any other internal secrets that might have been exposed. The code updates are expected to wrap up "very soon."

Hacker drains $520,000 from Polymarket. Source: Lookonchain
Hacker drains $520,000 from Polymarket. Source: Lookonchain

Community jitters

News of the exploit naturally triggered some mild panic across the retail ranks. A user going by the handle Isaac Q. Young questioned project reps on whether his personal funds were secure and asked which login method is safer now, linking a Web3 wallet or authenticating via email.

Polymarket moved to calm the community, stressing that user-side wallets remain entirely untouched by the breach. The developers noted that while login preferences are ultimately a personal choice, opting for a non-custodial crypto wallet stands out as the more secure route.

This post is for informational purposes only and does not constitute advertising or investment advice. Please do your own research before making any decisions.

0

Comments

0