Hassan Maishera
TL;DR
-
ZachXBT has flagged a potential exploit of Polymarket’s UMA CTF Adapter contract on Polygon.
-
The onchain analyst said roughly $520,000 has been drained from two addresses as of early Friday.
Alleged Exploit Drains Two Addresses
Polymarket’s UMA CTF Adapter contract may have been exploited on Polygon, with approximately $520,000 reportedly drained from two related addresses, according to onchain investigator ZachXBT.
The alert was shared on Friday via ZachXBT’s official Telegram channel. Polymarket has not yet confirmed the incident, and both Polymarket and UMA have been contacted for comment.
The UMA CTF Adapter serves as a critical bridge between UMA’s Optimistic Oracle and the Gnosis Conditional Tokens framework.
It is used to resolve prediction markets on Polymarket, making it a key component of the platform’s event settlement infrastructure.
ZachXBT identified several addresses linked to the suspected exploit on Polygon, including:
-
0x8F980...d9B91 (flagged on PolygonScan as “Polymarket Adapter Exploiter 1”)
-
0x91430...4E5c5 (referenced contract in the alert)
-
0x871D7...29082 (reportedly drained wallet)
-
0xf61e3...94805 (reportedly drained wallet)
According to the report, two associated addresses appear to have been emptied as part of the incident.
At the time of reporting, neither Polymarket nor UMA had confirmed whether the activity constitutes a confirmed exploit or an ongoing investigation.
Polymarket operates as a crypto-based prediction market platform that allows users to trade on outcomes of real-world events.
The company has reportedly been in discussions as recently as April 2026 to raise around $400 million at a valuation of roughly $15 billion. This follows a $600 million strategic investment from Intercontinental Exchange, the parent company of the New York Stock Exchange.
This story is still developing, with Polymarket yet to comment on it.
