A recovery effort tied to Polymarket’s internal-wallet incident has frozen $164,000 of the $573,200 transferred from the compromised private key, reducing the liquid damage from the POL drain after a rapid response from investigators and service providers.
The frozen amount was confirmed by Polymarket VP of Engineering DeFi Josh Stevens, who credited ZachXBT, Bitcoin Vietnam and ChangeNOW for helping move quickly after the funds left the compromised key. The frozen balance represents about 28.6% of the reported $573,200 transferred from the affected wallet.
The update follows the earlier $600,000 to $700,000 POL drain alert, which initially triggered concern that Polymarket infrastructure had suffered a wider exploit. Polymarket later narrowed the incident to an internal top-up and rewards wallet, with user funds, active markets and market resolution safe.
That makes the latest freeze a recovery update rather than a new user-risk event. The compromised private key allowed funds to move from an operational wallet, but the public response from Polymarket and aligned developers has kept the issue separate from user balances and market settlement.
ChangeNOW Freeze Improves Recovery Picture
The ChangeNOW freeze is important because attacker funds can become harder to recover once they move through swap services, bridges or fresh wallets. Freezing $164,000 early keeps part of the affected value inside a recovery path instead of allowing the full transfer amount to disperse across harder-to-trace routes.
ZachXBT’s involvement also gives the response stronger onchain-investigation credibility. His work has often helped connect attacker wallets, exchange deposits, swap activity and recovery contacts during crypto thefts. In this case, the response moved fast enough to freeze a meaningful share of the funds before the full amount could move beyond service-provider controls.
The recovery figure does not erase the operational failure. A private key tied to internal Polymarket activity was compromised, and the wallet was able to move more than half a million dollars before the response slowed the outflow. The security question now sits around internal key management, wallet permissions, rewards funding controls and how long the exposed key had access to active infrastructure.
Polymarket’s user-facing position remains clear after the follow-up: user funds, active markets and market resolution are safe. The recovery track now centers on the frozen $164,000, the remaining $409,200 not covered by the freeze, attacker wallet movement, any further service-provider holds and the internal changes made before normal rewards activity continues.
Be the first to comment