A contract tied to prediction market platform Polymarket may have been exploited on the Polygon network, with blockchain investigators estimating losses have climbed past $600,000.
Blockchain analyst ZachXBT first flagged the incident on Friday, saying an attacker appeared to be draining funds from wallets linked to a UMA Conditional Tokens Framework (CTF) adapter contract used by Polymarket.
The suspected exploit targeted infrastructure connected to UMA, whose optimistic oracle system helps resolve prediction market outcomes on Polymarket.
Attacker continues draining funds
Data from blockchain tracking platforms showed the attacker repeatedly moving small amounts of Polygon’s POL token from the compromised addresses.
According to blockchain analytics platform Bubblemaps, the wallet linked to the exploit was removing roughly 5,000 POL tokens every 30 seconds. The platform estimated that stolen funds had reached around $600,000 by Friday morning.
Meanwhile, onchain tracker Lookonchain reported that losses had already climbed to nearly $660,000 as of 9:01 a.m. UTC.
Blockchain records on Polygonscan also showed more than 100 recent transactions flowing into the alleged attacker’s wallet, with most valued at less than 5,000 POL.
At the time of reporting, there was no confirmation that user balances, active prediction markets or withdrawals on Polymarket were directly affected.
UMA Oracle system under fresh scrutiny
The exploit has again placed attention on Polymarket’s reliance on UMA’s oracle infrastructure.
Polymarket integrated UMA’s optimistic oracle system in February 2022 to automate and decentralize the settlement of prediction markets. The oracle helps determine whether real-world events tied to betting markets actually occurred.
The latest incident adds to a series of controversies surrounding the platform’s infrastructure over the past year. Additionally, Polymarket is reportedly in discussions with investors to secure $400 million in fresh funding, showing continued momentum in the rapidly expanding event-based trading sector
Previous security and governance concerns
In March 2025, a trader reportedly controlling about 25% of UMA’s voting power allegedly manipulated the outcome of a $7 million prediction market by forcing a “Yes” resolution despite the event not taking place.
Months later, in December 2025, Polymarket confirmed that several users lost funds after a vulnerability was discovered in a third-party authentication provider connected to the platform. Neither Polymarket nor UMA had issued a public statement on the latest exploit at the time of publication.
Enjoyed this? Bookmark DeFi Planet, explore related topics, and follow us on Twitter, LinkedIn, Facebook, Instagram, Threads and CoinMarketCap Community for seamless access to high-quality industry insights
Take control of your crypto portfolio with DEFI PLANET PRO, DeFi Planet’s suite of analytics tools
