Polymarket vice president of engineering Josh Stevens has officially denied rumors that the platform’s smart contracts were hacked. According to him, user funds are completely safe, and the incident that alarmed the crypto community has been localized and did not affect the trading architecture.
The cause of the panic was not an exploit of the contract code but the compromise of a six-year-old private key. This key was used in an internal configuration for automatic balance top-ups, known as the top-up config. With the key compromised, funds began moving to an external address.
How 6-year-old key led to $520,000 leak on Polymarket
On-chain analysts were the first to raise the alarm after detecting a suspicious outflow of more than $520,000 in assets. The losses affected the UMA CTF Adapter infrastructure on the Polygon blockchain, a gateway that connects Polymarket betting markets with the UMA blockchain oracle for outcome settlement and payout processing.
Security researchers traced the transaction chain and identified the wallet of the presumed attacker, 0x8F98…9B91, where the stolen funds were consolidated, as well as one drained technical wallet belonging to the platform.
At the time of writing, the compromised key had been fully rotated and replaced, and all of its access rights and permissions in the production environment had been revoked. As an additional security measure, Polymarket has initiated a full migration of all private keys to cloud-based key management systems (KMS) to prevent similar incidents in the future.
The security incident coincided with regulatory pressure on prediction markets. Earlier, the U.S. House Oversight Committee launched a review of prediction markets to identify possible insider trading linked to geopolitical and election-related betting. The Polymarket team must submit a report on its user verification methods and suspicious transaction monitoring by June 5.
Despite external pressure and the technical incident, Polymarket’s management emphasizes that the platform is operating normally, and that the old-key incident had no impact on liquidity or user balances.




