Polymarket's internal operating address private key was leaked, resulting in the transfer of approximately $600,000.

CoinFeed reported on May 22 that, according to Bubblemaps, contracts related to the prediction market platform Polymarket were suspected of being compromised. Attackers transferred approximately 5,000 POL every 30 seconds, resulting in a total theft of about $600,000. On-chain analyst zachxbt pointed out that the affected address was a Polymarket UMA CTF adapter contract, and the attackers had dispersed the funds across 15 addresses. Polymarket subsequently responded that the issue stemmed from the leakage of a wallet private key used for internal operations and reward distribution. User funds and market settlement contracts were unaffected, and core infrastructure remained secure. Further updates will be released later.