On May 22, Polymarket faced what many users interpreted as a possible hack, after public alerts showed POL being rapidly drained on the prediction market platform. Polymarket-linked accounts later said the incident was not a smart-contract exploit and did not affect user funds or market resolution.
The first wave of concern came from on-chain investigator ZachXBT and blockchain analytics firm Bubblemaps. ZachXBT said a Polymarket admin address appeared to have been compromised on Polygon, with more than $520,000 drained at the time of his Telegram alert.
Bubblemaps then warned that the attackers were removing about 5,000 POL every 30 seconds and that about $600,000 had been stolen so far, advising users to pause Polymarket activity.
Polymarket's subsequent explanation moved the issue away from a core market failure and toward an internal operational security breach. Findings show a private-key compromise of a wallet used for “internal top-up operations,” according to Polymarket Developers, not “contracts or core infrastructure.”
Polymarket software engineer Shantikiran Chanal similarly said, “User funds and market resolution are safe,” adding that the reports were linked to rewards payout.
That implies different risks. A contract or resolution failure could raise questions about whether markets can resolve correctly or whether users' positions are exposed. An internal funding-wallet compromise, while still serious, points mainly to key management, refiller services, and the operational controls around the wallets that support the platform.
The public alert moved faster than the private key compromise explanation
The timeline moved quickly. ZachXBT's Telegram post at 08:22 UTC described a Polymarket admin address as apparently compromised on Polygon and identified the attacker address as 0x8F98075db5d6C620e8D420A8c516E2F2059d9B91.
The same post listed related and drained addresses, giving on-chain analysts a trail to follow.
Bubblemaps amplified the warning at 08:51 UTC, describing the situation as a Polymarket contract exploit, the kind of Polymarket exploit alert that would raise immediate concern about core infrastructure, and saying the attacker was removing 5,000 POL every 30 seconds.
On-chain data show why the warning drew attention. A PolygonScan transaction at 09:01:19 UTC shows 5,000 POL moving into a Polymarket-labeled UMA CTF Adapter Admin address.
Seven seconds later, another PolygonScan transaction shows 4,999.994 POL moving from that labeled admin address to the labeled attacker address. The attacker address page is tagged by PolygonScan as “Polymarket Adapter Exploiter 1” and shows repeated transfers around the alert window.
That transaction pair supports the visible drain pattern that triggered the public alarm and gives a concrete example of the kind of transfer flow that Polymarket team members later described as involving an internal refiller, while leaving root cause to the team's statements.
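The drain pattern described above, a top-up followed seconds later by a near-total outbound transfer, can be written as a monitoring rule for an operational wallet. This is an added example, not code from Polymarket or PolygonScan; the wallet labels, allowlist, thresholds and every record other than the first in/out pair (whose times and amounts come from the article) are constructed for illustration.

```python
from dataclasses import dataclass
from decimal import Decimal

@dataclass(frozen=True)
class Transfer:
    ts: int          # seconds since midnight UTC
    src: str
    dst: str
    amount: Decimal  # POL

def utc(h, m, s):
    return h * 3600 + m * 60 + s

def find_sweeps(transfers, wallet, allowlist, window_s=30, min_ratio=Decimal("0.99")):
    """Pair each inbound top-up to `wallet` with an outbound transfer that leaves
    within `window_s` seconds, goes to a destination outside `allowlist`, and
    moves at least `min_ratio` of the top-up amount."""
    ordered = sorted(transfers, key=lambda t: t.ts)
    pairs, used = [], set()
    for i, t_in in enumerate(ordered):
        if t_in.dst != wallet:
            continue
        for j in range(i + 1, len(ordered)):
            t_out = ordered[j]
            if t_out.ts - t_in.ts > window_s:
                break
            if j in used or t_out.src != wallet or t_out.dst in allowlist:
                continue
            if t_out.amount >= t_in.amount * min_ratio:
                pairs.append((t_in, t_out))
                used.add(j)
                break
    return pairs

def destinations_to_halt_on(pairs, threshold=2):
    """Destinations that swept the wallet `threshold` or more times: the signal
    to pause automated top-ups and rotate the key (assumed policy)."""
    counts = {}
    for _, out in pairs:
        counts[out.dst] = counts.get(out.dst, 0) + 1
    return {dst for dst, n in counts.items() if n >= threshold}

ALLOWLIST = {"REWARDS_PAYOUT"}  # constructed label for an expected destination
SAMPLE = [  # constructed records; first pair mirrors the times/amounts in the text
    Transfer(utc(9, 1, 19), "REFILLER", "OPS_WALLET", Decimal("5000")),
    Transfer(utc(9, 1, 26), "OPS_WALLET", "UNKNOWN_A", Decimal("4999.994")),
    Transfer(utc(9, 1, 49), "REFILLER", "OPS_WALLET", Decimal("5000")),
    Transfer(utc(9, 1, 55), "OPS_WALLET", "UNKNOWN_A", Decimal("4999.994")),
    Transfer(utc(9, 3, 20), "REFILLER", "OPS_WALLET", Decimal("5000")),
    Transfer(utc(9, 3, 30), "OPS_WALLET", "REWARDS_PAYOUT", Decimal("120")),
    Transfer(utc(9, 3, 40), "OPS_WALLET", "UNKNOWN_B", Decimal("3")),
]
```

The allowlisted payout and the small transfer to `UNKNOWN_B` are not flagged; only the two near-total sweeps to the same unknown destination trip the halt condition.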
| Question | Initial alert | Polymarket-linked explanation |
|---|---|---|
| What was happening? | Bubblemaps warned that 5,000 POL was being removed roughly every 30 seconds. | Team statements linked the reports to rewards payout or internal top-up activity. |
| Was it a contract exploit? | Bubblemaps initially described it as a Polymarket contract exploit. | Polymarket-linked accounts said findings pointed away from contracts or core infrastructure. |
| Were user funds affected? | The first alert advised users to pause activity. | Shantikiran Chanal and Polymarket Developers said user funds and market resolution were safe. |
| What remains unresolved? | The live loss estimate was about $600,000 at Bubblemaps' alert. | The final loss amount, full affected-address set, and remediation details were still unsettled. |
Team statements pointed to a Polymarket private key compromise
The clearest official wording came from the Polymarket Developers account, which framed the incident as a Polymarket private key compromise involving a wallet used for internal top-up operations.
That phrasing moves the incident out of the category of a direct smart-contract vulnerability and into a more operational question: who controlled the key, how it was exposed, and why the affected process kept sending POL into an address that could be drained.
Chanal's statement used similar language, saying the reports were linked to rewards payout and that findings pointed to a private-key compromise of a wallet used for internal operations. In replies to users, Chanal said wallets were “completely safe” and said the team was investigating backend systems and secrets while rotating keys.
Mustafa, another Polymarket-linked source, gave the most direct explanation of the contract distinction. He said “The CTF contract is not exploited,” adding that the issue involved an internal ops address used by a service that checks and refills balances every few seconds.
He also said all user funds were safe and that the address was being rotated.
Polymarket's own documentation helps explain the stakes behind that distinction. The platform says markets use UMA for resolution and that winning positions are redeemed after resolution through CTF-related mechanics.
Its CTF documentation describes outcome tokens for prediction markets and notes that Yes/No pairs are fully collateralized. Against that background, a direct failure in CTF or resolution infrastructure would raise different questions from a compromised wallet used for rewards or internal top-ups.
The known team statements place the issue outside the core market-resolution infrastructure. They leave the operational-security question open.
Private keys are the authority layer for blockchain wallets, and a compromised internal key can still move funds, trigger public panic, and expose weaknesses in monitoring or automated funding flows even when users' trading balances and market settlement are not the target.
The next update needs to settle the loss and remediation details
For users right now, Polymarket's team says the incident was limited to internal operations, meaning Polymarket user funds, core contracts, and market-resolution processes were outside the affected path.
The remaining question is how much was ultimately lost and what changed after the team discovered the compromised key.
ZachXBT's first available figure was more than $520,000 drained. Bubblemaps later said about $600,000 had been stolen at the time of its alert.
On-chain pages show a representative transfer trail, but the current public record leaves the final audited loss amount, full set of affected addresses, and recovery status unsettled.
The operational follow-up is just as important. Polymarket-linked statements said the affected address was being rotated and that the team was investigating backend systems and secrets.
That leaves several live questions: whether rotation has been completed, whether any connected refiller-service credentials were exposed, whether the compromised wallet had permissions beyond the observed transfers, and whether the platform will publish an incident report explaining the failure.
For traders, the practical takeaway is that the initial public wording appears to have overstated the contract-exploit angle based on the later Polymarket team statements. A live drain of internal funds remains a security incident, especially for a platform whose users rely on clear separation between operational wallets, rewards systems, and market infrastructure.
Until Polymarket issues a final update, the team has told users their funds and market resolution are safe, while the public chain record shows a rapid POL drain from Polymarket-labeled infrastructure.
The next disclosure needs to state the final loss, confirm the address rotation, and explain what changed after a Polymarket private key compromise turned an internal wallet into the center of a live-drain alarm.
The post Polymarket suffers live POL drain as team rules out feared contract exploit appeared first on CryptoSlate.


