Prediction market giant Polymarket suffered a security breach after attackers drained roughly $700,000 from an internal wallet connected to the platform’s Polygon infrastructure. The incident immediately sparked fears of a major protocol exploit before the company clarified that user funds and core prediction market systems remained unaffected.
The exploit was first flagged by prominent on-chain investigator ZachXBT, who identified suspicious outflows tied to addresses associated with Polymarket’s backend systems. Initial estimates suggested approximately $520,000 had been drained, but blockchain analytics firm Bubblemaps later raised the estimated losses to around $700,000 after tracing the stolen funds across multiple wallets and exchanges.
Following the public alerts, Polymarket developers confirmed the attack did not impact customer deposits, active prediction markets, or market resolution systems. According to the company, the compromised wallet was tied to “internal top-up operations” used for rewards payouts and backend infrastructure rather than the platform’s core trading contracts.
Polymarket stated that the issue appears to have been caused by a compromised private key connected to an old operational wallet. The company emphasized that the exploit was isolated from:
Security researchers reviewing the incident also said there was no evidence of:
Reports later revealed the compromised wallet relied on a private key dating back roughly six years. Analysts say the attacker likely gained access to an outdated operational key that still retained permissions connected to backend wallet infrastructure.
Blockchain investigators observed the attacker draining approximately 5,000 POL tokens every 30 seconds during the exploit, suggesting the theft process was automated rather than manually executed. The stolen assets were reportedly spread across at least 16 addresses before being routed through centralized exchanges and other services in an apparent laundering attempt. Some funds were reportedly frozen during the incident, but analysts believe most of the stolen assets have likely already moved beyond recovery.
While the exploit did not impact users directly, the incident has renewed concerns across the crypto industry about operational security practices surrounding privileged wallets and internal infrastructure.
Security experts noted that many crypto platforms focus heavily on smart contract audits while older backend wallets, administrative systems, and operational keys often receive less scrutiny over time. Analysts say the Polymarket exploit appears to be less about blockchain vulnerabilities and more about traditional cybersecurity hygiene issues such as:
The fact that a six-year-old operational key still retained active permissions has raised broader questions about legacy infrastructure management inside rapidly growing crypto companies.
The exploit comes during a major expansion phase for prediction markets. Platforms like Polymarket and Kalshi
At the same time, regulators, institutional investors, and mainstream users are paying closer attention to platform security and operational reliability. Because prediction markets rely heavily on user trust and transparent market resolution systems, even backend operational breaches can create reputational concerns despite user funds remaining safe.
Spotify has demanded that Kalshi and Polymarket remove its branding and clarify that neither prediction market platform has an official…
A newly launched Solana memecoin called The Black Bull (ANSEM) has become one of the biggest stories in crypto…
One of the most recognizable NFT brands in Web3 is entering a new chapter—but not…
Bitcoin climbed above $63,000 for the first time in more than two weeks, completely reversing the steep losses…
A new proposal aimed at protecting Satoshi Nakamoto's estimated 1.1 million Bitcoin has sparked one of the most heated…
Ukrainian authorities have dismantled a sophisticated network of fraudulent cryptocy exchanges operating across seven regions of the country, seizing…