A compromised internal wallet drained $700K from Polymarket. User funds stayed safe. Here’s what happened and how the team responded.
A security incident hit Polymarket this week, shaking the prediction market platform briefly. An attacker gained access to an internal operations wallet used for rewards payouts.
The breach triggered repeated POL token transfers, firing every 30 seconds across 166 transactions.
Blockchain analytics firm Bubblemaps raised the alarm on X, alerting users as the losses climbed. By the time transfers stopped, roughly $700,000 in POL had left the platform.
Read also:
How the Polymarket Exploit Unfolded
Bubblemaps posted a live alert, warning followers that attackers were draining 5,000 POL every 30 seconds.
The firm tracked the stolen funds splitting across 16 separate wallet addresses. Those funds then moved through centralized exchanges including KuCoin and HTX. Changenow deposits also appeared among the identified destination addresses.
Bubblemaps published all exploiter and deposit addresses publicly, urging users to pause activity on the platform.
UPDATE: ~$700k exploited
• Suspected withdrawals have stopped
• Polymarket said the incident was isolated and user funds are safeThe stolen funds were split across 16 addresses and routed through CEXs and other services
Exploiter addresses:… https://t.co/gSXWv7UywX
— Bubblemaps (@bubblemaps) May 22, 2026
What Polymarket Said About the Security Breach
The Polymarket developers team moved quickly to clarify the situation on X. Their statement confirmed that no smart contracts faced any exploitation.
User funds and market resolutions remained fully secure throughout the incident.
Developer Josh Stevens added more detail, pointing to a six-year-old private key sitting in an internal top-up configuration.
He noted the team rotated the compromised key, revoked all production permissions, and shifted private keys to KMS key management systems going forward.
No polymarket or UMA contracts have been exploited. All user funds are safe, and using https://t.co/7bOD8pgjQC is safe, so business as usual.
We had a 6-year-old private key that was compromised. This was in the internal top-up config, which is why funds were being sent to it.…
— Josh (@devjoshstevens) May 22, 2026
Polygon CTO and Platform Response Calm User Concerns
Polygon Labs CTO Mudit Gupta also weighed in, confirming that Polymarket contracts and user funds stayed safe. He identified the compromised component as the market initializer, separate from core user-facing infrastructure.
Despite the initial wave of concern from users, Polymarket continued launching new markets without interruption.
Executives, including Kakusan, echoed the same reassurances across their personal accounts. Partners of the platform began pursuing the stolen assets through the exchanges where the funds landed.
