Polymarket Exploit: 5,000 POL Drained every 30 Seconds
An attacker drained over $600,000 from Polymarket by attacking its UMA CTF Adapter smart contract on Polygon. On-chain investigator ZachXBT flagged the exploit and identified the attacker's wallet as 0x8F98075db5d6C620e8D420A8c516E2F2059d9B91.
ZachXBT first issued an emergency alert on his Telegram channel, followed by Bubblemaps warning users to pause all Polymarket activity as the platform's losses climbed toward $600,000.

The targeted contract, the UMA CTF Adapter, is the custom integration layer that allows Polymarket's prediction markets to settle via UMA's Optimistic Oracle. It is not part of UMA's audited core protocol.
How the Polymarket Exploit Worked: The Smart Contract Vulnerability
The UMA CTF Adapter is custom integration code written and deployed by Polymarket, not a canonical UMA contract. As UMA's own documentation makes clear, protocol integrators build their own adapter contracts on top of the Optimistic Oracle, and those adapters carry project-specific logic and trust assumptions that fall entirely outside UMA's security model.
This structural gap is where the Polymarket exploit found its footing. The CTF Adapter encodes the custom economics and access control that determine how prediction market positions settle and how funds flow.
Polymarket's core exchange contracts underwent a formal security audit by ChainSecurity in 2021–2022, which reported that all critical issues identified were addressed before mainnet deployment. That audit did not cover the UMA CTF Adapter. The exploit did.
This is a recurring pattern in DeFi platform failures: audits cover only the components submitted for review, not the integration layers bolted on afterward.
Oracle-adjacent risk is not new to Polymarket. A prior incident involving faulty off-chain data fed into Polymarket's oracle stack, the so-called Paris case, demonstrated that adapter and oracle design represent a systemic weak point for prediction markets, independent of whether the base contracts function correctly.
On-Chain Footprint and What the Data Reveals
On-chain data tracked the attacker removing 5,000 $POL tokens every 30 seconds during the active drain phase, a withdrawal cadence that points to an automated script executing repeated contract calls. By the time the alert was issued, the attacker had extracted roughly $600,000 according to Bubblemaps, with ZachXBT's figure placing confirmed losses at over $520,000.
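A monitoring sketch for the fixed-amount, fixed-interval outflow pattern described above, as an added example that is not from the original article or from Polymarket. The transfer records, placeholder addresses, function name and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample: (unix_timestamp, recipient, amount_in_POL) outflows from a
# monitored contract. Addresses are placeholders, not values from the incident.
TRANSFERS = [
    (1000, "0xAAA", 5000), (1030, "0xAAA", 5000), (1060, "0xAAA", 5000),
    (1090, "0xAAA", 5000), (1121, "0xAAA", 5000), (1150, "0xAAA", 5000),
    (1005, "0xBBB", 120), (1400, "0xBBB", 75), (2900, "0xBBB", 310),
    # Same amount every time, but irregular timing: should not be flagged.
    (1010, "0xCCC", 5000), (1900, "0xCCC", 5000), (5000, "0xCCC", 5000),
    (5100, "0xCCC", 5000), (9000, "0xCCC", 5000),
]

def find_scripted_drains(transfers, min_run=5, jitter=3):
    """Return {recipient: (amount, interval_s, run_length)} for recipients that
    received an identical amount at a near-constant interval at least min_run
    times in a row. jitter is the tolerated deviation in seconds, since block
    times make on-chain timestamps slightly uneven."""
    by_recipient = defaultdict(list)
    for ts, to, amount in sorted(transfers):
        by_recipient[to].append((ts, amount))

    alerts = {}
    for to, rows in by_recipient.items():
        if len(rows) < min_run:
            continue
        gaps = [b[0] - a[0] for a, b in zip(rows, rows[1:])]
        period = median(gaps)  # robust estimate of the script's interval
        best, run, best_amount = 1, 1, rows[0][1]
        for i, gap in enumerate(gaps):
            same_amount = rows[i][1] == rows[i + 1][1]
            if same_amount and abs(gap - period) <= jitter:
                run += 1
            else:
                run = 1  # cadence or amount broke; start a new run
            if run > best:
                best, best_amount = run, rows[i + 1][1]
        if best >= min_run:
            alerts[to] = (best_amount, period, best)
    return alerts

if __name__ == "__main__":
    for addr, (amount, period, n) in find_scripted_drains(TRANSFERS).items():
        print(f"ALERT {addr}: {n} transfers of {amount} POL about every {period}s")
```

In production the same check would run over decoded transfer events for the adapter contract, with an alert feeding a pause or rate-limit decision rather than a print statement.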
The post-exploit behavior is consistent with early-stage on-chain laundering. The attacker dispersed the stolen proceeds across 15 separate wallet addresses in a fragmentation pattern designed to complicate chain-of-custody tracing and slow any freeze or recovery attempt.
As of the time of reporting, the dispersed funds remain distributed across those 15 addresses with no confirmed movement to a mixer or cross-chain bridge. ZachXBT's public identification of the originating wallet gives investigators a clear on-chain starting point, though the 15-address dispersal complicates any downstream recovery without exchange cooperation.
The post Polymarket Exploit: 5,000 POL Drained every 30 Seconds appeared first on Cryptonews.
