Polymarket Suffers $520K Security Breach Due to Private Key Compromise
Blockchain investigator ZachXBT has uncovered a suspected security breach targeting Polymarket, the largest decentralized prediction market platform. According to on-chain data, $520,000 was drained from two smart contracts on the Polygon blockchain on [date not specified]. The compromised addresses 0x871D7c0f9E19001fC01E04e6cdFa7fA20f929082 and 0x91430CaD2d3975766499717fA0D66A78D814E5c5 had funds transferred to the attacker’s address (0x8F98075db5d6C620e8D420A8c516E2F2059d9B91).
Polymarket’s development team acknowledged the incident in an X (formerly Twitter) post, confirming awareness of reports tied to its rewards payout system. The company clarified that user funds and market resolutions remain unaffected, attributing the breach to a private key compromise of an internal operations wallet rather than a smart contract exploit or core infrastructure failure. Further updates are pending.
Polygon Labs CTO Mudit Gupta weighed in, stating that Polymarket’s contracts and user funds are secure, though the platform’s market initializer was compromised. He emphasized that the incident had no direct impact on users or smart contracts.
Polymarket has yet to release an official statement from its primary X account. The breach occurs amid increased scrutiny of decentralized finance (DeFi) platforms, highlighting ongoing security challenges in the sector.
Polygon TPRM report: https://www.rankiteo.com/company/polygonlabs
Polymarket TPRM report: https://www.rankiteo.com/company/polymarket
"id": "polpol1779460097",
"linkid": "polygonlabs, polymarket",
"type": "Breach",
"date": "5/2026",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"{'affected_entities': [{'industry': 'Blockchain/DeFi',
'name': 'Polymarket',
'type': 'Decentralized Prediction Market Platform'}],
'attack_vector': 'Private Key Compromise',
'customer_advisories': 'User funds and market resolutions remain unaffected.',
'description': 'Blockchain investigator ZachXBT uncovered a suspected '
'security breach targeting Polymarket, the largest '
'decentralized prediction market platform. According to '
'on-chain data, $520,000 was drained from two smart contracts '
'on the Polygon blockchain. The compromised addresses had '
'funds transferred to the attacker’s address. Polymarket '
'confirmed the incident, attributing it to a private key '
'compromise of an internal operations wallet, with user funds '
'and market resolutions remaining unaffected.',
'impact': {'brand_reputation_impact': 'Increased scrutiny of DeFi platforms',
'financial_loss': '$520,000',
'operational_impact': 'Funds drained from smart contracts',
'systems_affected': 'Rewards payout system, market initializer'},
'investigation_status': 'Ongoing',
'post_incident_analysis': {'root_causes': 'Private key compromise of an '
'internal operations wallet'},
'references': [{'source': 'ZachXBT (Blockchain Investigator)'},
{'source': 'Polymarket X (Twitter) post'},
{'source': 'Mudit Gupta (Polygon Labs CTO)'}],
'response': {'communication_strategy': 'X (Twitter) post acknowledging the '
'incident'},
'stakeholder_advisories': 'User funds and market resolutions remain '
'unaffected; no direct impact on users or smart '
'contracts.',
'title': 'Polymarket Suffers $520K Security Breach Due to Private Key '
'Compromise',
'type': 'Security Breach',
'vulnerability_exploited': 'Compromised internal operations wallet'}