Polymarket Says Internal Wallet Was Breached, Up to $700K Taken; User Funds Unharmed

Polymarket said Friday that an internal "top-up" wallet used to fund reward payouts was drained after its private key was compromised, stressing that customer balances and market outcomes were not affected.

The issue first surfaced on May 22, when on-chain investigator ZachXBT flagged a suspected drain linked to Polymarket's Polygon setup, initially estimating more than $520,000 moved from addresses associated with the prediction market. Polymarket developers later confirmed the incident on X, saying the breach involved an internal rewards top-up wallet and "not contracts or core infrastructure." The team said user funds remain safe and market resolution has not been impacted.

Roughly an hour after the initial disclosures, analytics firm Bubblemaps estimated losses at about $700,000. Bubblemaps said the stolen funds were split across 16 addresses and routed through centralized exchanges and other services, adding that suspected withdrawals have since stopped.

Security researchers broadly characterized the incident as an operational security failure rather than a protocol exploit. Andy Yajin Zhou, an associate professor at the Chinese University of Hong Kong and co-founder of on-chain security firm BlockSec, told Decrypt the evidence points to a private-key compromise of an admin wallet, not a flaw in adapter contract logic or the prediction-market infrastructure. Blockchain security firm Cyvers said the activity appears confined to admin/operational wallets, not core settlement contracts, and noted the wider industry exposure tied to privileged wallets and key management. Dan Dadybayo, strategy lead at infrastructure firm Horizontal Systems, said the episode reflects a broader shift in attacker behavior, with threats increasingly targeting operational layers such as admin wallets, permissions and signing processes instead of directly exploiting smart contracts.

Polymarket's core contracts that record bets and resolve markets rely on external services to confirm outcomes. The company said that because the compromised wallet was used only for rewards payments, market settlement and user balances were unaffected.

The incident highlights a recurring security challenge across the sector: even well-audited smart contracts can be undermined by weak key management, insufficient access controls or limited monitoring of privileged wallets.

Polymarket and on-chain analysts continue to track fund flows. Decrypt said it has contacted Polymarket for additional comment. This is a developing story.