Polymarket Suffers $700K Breach After Internal Admin Wallet is Compromised

Polymarket Suffers $700K Breach After Internal Admin Wallet is Compromised

Briefly

"Hackers drained $700K in POL from Polymarket after compromising a 6-year-old internal private key. ZachXBT alerted users, but Polymarket confirmed all user funds remain fully safe. To prevent further incidents, Polymarket will next move all private keys to KMS. Polymarket, one of the largest prediction markets in the world, experienced a security incident that alerted the platform's community."

"On Friday, blockchain intelligence researcher ZachXBT pointed to a possible compromise of the platform's admin address on Polygon, noting that a significant amount of funds had already been drained. According to Bubblemaps, the attackers had been withdrawing 5,000 POL every 30 seconds, splitting the funds across 16 addresses, including centralized exchanges and other services. At the time of writing, reports indicated that the losses reached $700K."

"The platform later acknowledged the security event, with Polymarket's Shantikiran Chanal stating that they were aware of the security reports linked to rewards payout, but claiming that user funds and market resolution functions were safe. Findings point to a private key compromise of a wallet used for internal operations, not contracts or core infrastructure, he specified."

"Furthermore, he explained that Polymarket was rotating its private keys for backend services and conducting an investigation for any internal secrets that could have been affected in the incident. In April, Polymarket reached trading volumes of over 9 billion. An exploit in the platform's contracts, depending on its nature"