$520K Devastated! Polymarket UMA Adapter Exploit Drains 5,000 POL Every 30 Seconds!

Polymarket hit? ZachXBT flags $520K UMA adapter loss

A potential security issue has been detected with Polymarket’s UMA CTF Adapter contract on Polygon. Experts are advising users to temporarily stop interacting with the contract while the situation is investigated.

Summary

  • ZachXBT flagged a suspected UMA CTF Adapter exploit on Polygon with losses above $520K reported.
  • PeckShield said two addresses were drained and some stolen funds were deposited into ChangeNOW already.
  • Bubblemaps warned attackers were removing 5,000 POL every 30 seconds as losses kept rising quickly.

The ZachXBT community reported a potential attack on Polymarket through its UMA CTF Adapter contract on the Polygon network. Initial reports indicate losses exceeding $520,000, and the attacker's address has been identified as 0x8F98075db5d6C620e8D420A8c516E2F2059d9B91.

After ZachXBT flagged a possible security issue, PeckShield reported that the contract had likely been exploited. They found that roughly $520,000 had been taken from two specific accounts (0x871D…9082 and 0xf61e…4805), and some of those stolen funds were quickly transferred to ChangeNOW.

Security researchers at PeckShield and ZachXBT have discovered a potential exploit affecting the Polymarket UMA CTF Adapter contract on the Polygon network. Two addresses have had around $520,000 drained from them, and the attacker has already moved some of the stolen funds.

— PeckShieldAlert (@PeckShieldAlert) May 22, 2026

Bubblemaps warns users to pause activity

Bubblemaps reported a security breach in a Polymarket contract. Attackers were draining 5,000 POL tokens every 30 seconds, and Bubblemaps initially estimated the losses to be around $600,000 when they issued their warning.

Data from PolygonScan for address 0x871D…9082 reveals multiple outgoing transfers of 5,000 POL to an address identified as the Polymarket UMA CTF Adapter Admin. These transfers happened approximately 30 seconds apart, a pattern previously noted by Bubblemaps.
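A team monitoring its own wallets can alert on the pattern described above: the same amount leaving one address for one recipient at a steady interval. The following Python sketch is an added example, not code from Polymarket, Bubblemaps or the original article; the record fields (`ts`, `src`, `dst`, `value`), the thresholds and the placeholder addresses are assumptions, and the sample transfers are constructed.

```python
from collections import defaultdict
from statistics import median

def find_periodic_drains(transfers, min_run=4, max_gap=45, jitter=5):
    """Flag runs of >= min_run equal-value transfers from one sender to one
    recipient where every gap is within `jitter` seconds of the median gap."""
    groups = defaultdict(list)
    for t in transfers:
        groups[(t["src"], t["dst"], t["value"])].append(t["ts"])
    alerts = []
    for (src, dst, value), stamps in groups.items():
        stamps.sort()
        run = [stamps[0]]
        for ts in stamps[1:] + [None]:          # None flushes the final run
            if ts is not None and ts - run[-1] <= max_gap:
                run.append(ts)
                continue
            if len(run) >= min_run:
                gaps = [b - a for a, b in zip(run, run[1:])]
                period = median(gaps)
                if all(abs(g - period) <= jitter for g in gaps):
                    alerts.append({
                        "src": src, "dst": dst, "value": value,
                        "count": len(run), "period_s": period,
                        "total": value * len(run),
                        "first_ts": run[0], "last_ts": run[-1],
                    })
            run = [ts]
    return alerts

# Constructed sample data: placeholder addresses, arbitrary base timestamp.
T0 = 1_700_000_000
SAMPLE = (
    # Six transfers of 5,000 roughly 30 s apart (the pattern in the article).
    [{"ts": T0 + off, "src": "0xSRC_A", "dst": "0xDST_X", "value": 5000}
     for off in (0, 30, 61, 90, 119, 150)]
    + [
        # Same amount but far apart: ordinary activity, not a drain.
        {"ts": T0 + 10, "src": "0xSRC_B", "dst": "0xDST_Y", "value": 5000},
        {"ts": T0 + 400, "src": "0xSRC_B", "dst": "0xDST_Y", "value": 5000},
        # Unrelated one-off transfer between the flagged pair.
        {"ts": T0 + 20, "src": "0xSRC_A", "dst": "0xDST_X", "value": 12.5},
    ]
)

if __name__ == "__main__":
    for alert in find_periodic_drains(SAMPLE):
        print(alert)
```

In practice the transfer records would come from an indexer or node subscription, and an alert would feed whatever pause or key-rotation procedure the operator has in place.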

As part of my research, I’ve found that Polymarket uses something called a UMA CTF Adapter. Essentially, this adapter links their prediction markets to UMA’s Optimistic Oracle. It’s how the system asks for and receives the final results needed to settle those markets, which are built using the Conditional Tokens Framework.

Polymarket’s latest documentation explains that all market results are represented as tokens called CTF, which are secured by locked pUSD. This means the contracts involved are key to how markets are built, finalized, and how rewards are distributed on the blockchain.

Attack comes as Polymarket expands

This event happens as Polymarket is expanding its focus beyond just cryptocurrency, becoming involved in broader discussions about how financial markets operate. Recent reports from crypto.news highlight that prediction markets, particularly those run by Polymarket and Kalshi, are rapidly becoming one of the most dynamic areas within the finance world.

The platform is also dealing with challenges from regulators and concerns about how prediction markets should be structured. Previously, we reported on a lawsuit in Wisconsin against Polymarket, Kalshi, Coinbase, Robinhood, and companies connected to Crypto.com, which claimed certain prediction markets operate like illegal gambling services.

As a crypto investor, this potential exploit on Polymarket is definitely concerning. It adds another layer of risk to an already complex situation – we’re already watching how Polymarket handles regulation, how they settle bets, and whether the markets are fair. Now, with a possible issue at the smart contract level, it really highlights the importance of keeping user funds safe and having strong controls in place. It makes you think twice about the technical side of things, and whether these platforms are truly secure.

This new security alert is part of a recent increase in problems within the DeFi space. Just recently, the Echo Protocol had to temporarily stop its bridge due to someone creating unauthorized eBTC. Also, the Verus Ethereum bridge situation took an unexpected turn when the person who attacked it returned 4,052 ETH after an $11.5 million attack involving fake transactions.


2026-05-22 12:50