Key Takeaways:
On-chain investigator ZachXBT flagged a suspected security breach on Polymarket, the largest decentralized prediction market, involving an estimated $520,000 exploit on the Polygon network. The Polymarket team, however, has stated that user funds are safe, creating confusion around the incident.
"Community alert: Seeing an exploit on @Polymarket's UMA CTF Adapter," ZachXBT posted on X, identifying the attacker's address as 0x8F98075db5d6C620e8D420A8c516E2F2059d9B91. Blockchain data platforms including Bubblemaps and Lookonchain corroborated the activity, with Bubblemaps noting the address was dispersing the proceeds across 15 other addresses in a pattern typical of on-chain laundering attempts.
The attacker's address was observed draining funds from the contract at a rate of approximately 5,000 POL tokens every 30 seconds, with total losses estimated between $520,000 and $660,000 as of Friday morning UTC. The targeted contract is the UMA CTF Adapter, which Polymarket integrated in February 2022 to allow its prediction markets to settle using UMA's Optimistic Oracle. Despite the on-chain evidence, the title of a Coindesk article on the matter stated the team says funds are safe.
This event highlights the persistent security risks within the DeFi sector, which has seen a significant spike in exploits this month. May has already registered 19 separate hacks totaling roughly $38.2 million in cumulative losses, according to data from DeFiLlama. The conflicting reports from a reputable on-chain investigator and the project team could create uncertainty and impact user trust in both Polymarket and the UMA oracle solution until the situation is fully clarified.
BeInCrypto and Cointelegraph have reportedly reached out to both Polymarket and UMA for comment.
This article is for informational purposes only and does not constitute investment advice.
