Polymarket UMA alert: are user funds safe after $520K loss?

Polymarket’s UMA CTF Adapter contract on Polygon has reportedly been targeted in a suspected exploit, with onchain analysts warning users to pause activity.

A ZachXBT community alert said Polymarket’s UMA CTF Adapter contract on Polygon was suspected of being attacked. The alert listed losses above $520,000 and named the attacker address as 0x8F98075db5d6C620e8D420A8c516E2F2059d9B91.

PeckShield later said ZachXBT had reported that the contract had “potentially been exploited.” The security firm said two addresses, 0x871D…9082 and 0xf61e…4805, were drained of about $520,000. It also said part of the stolen funds had already moved to ChangeNOW.

Polymarket protocol contributor Shantikiran Chanal said the security reports were linked to rewards payout activity. He said user funds and market resolution are safe, adding that early findings point to “a private key compromise of a wallet used for internal operations, not contracts or core infrastructure.”

Bubblemaps warns users to pause activity

Bubblemaps also warned that a Polymarket contract had been exploited. The firm said attackers were removing 5,000 POL every 30 seconds and estimated losses at about $600,000 at the time of its alert.

PolygonScan data for 0x871D…9082 shows repeated outgoing transfers of 5,000 POL to an address tagged as Polymarket’s UMA CTF Adapter Admin. Several transfers occurred about 30 seconds apart, matching the pattern flagged by Bubblemaps.

Meanwhile, Polymarket’s documentation says the UMA CTF Adapter connects markets to UMA’s Optimistic Oracle. The adapter is used to request and retrieve resolution data for prediction markets built on the Conditional Tokens Framework.

Polymarket’s newer documentation says all outcomes on the platform are tokenized through CTF, with outcome tokens backed by locked pUSD. That makes the affected contract area relevant to how markets are created, resolved, and redeemed onchain.

This is not Polymarket’s first UMA-related controversy. Earlier coverage noted that a UMA whale allegedly influenced a Polymarket market outcome tied to a Trump-Ukraine mineral deal, raising questions over oracle voting power and market resolution trust.

Attack comes as Polymarket expands

The incident comes as Polymarket has been moving from a crypto-native prediction platform into a larger market structure debate. Recent crypto.news coverage said prediction markets led by Polymarket and Kalshi have grown into one of finance’s fastest-moving sectors.

The platform has also faced regulatory and market-design pressure. Earlier coverage noted Wisconsin’s lawsuit against Polymarket, Kalshi, Coinbase, Robinhood, and Crypto.com-linked entities, arguing some prediction markets function as unlicensed gambling products.

The suspected exploit adds a new technical risk layer to that debate. Polymarket is already watched for questions around regulation, resolution rules, and market integrity. A contract-level incident now puts user safety and smart contract controls back in focus.

The latest alert also follows a wider run of DeFi security incidents. Recent reports covered Echo Protocol’s paused bridge after unauthorized eBTC minting, while the Verus Ethereum bridge case took a different turn after the exploiter returned 4,052 ETH, following an $11.5 million forged-transfer attack.