Polymarket's UMA CTF Adapter contract may have been exploited on Polygon, with roughly $520,000 reportedly drained from two related addresses, according to an alert from onchain investigator ZachXBT published Friday on his official Telegram channel.
Polymarket has not confirmed the incident. The Block reached out to Polymarket and UMA for comment.
The UMA CTF Adapter connects UMA's Optimistic Oracle with the Gnosis Conditional Tokens framework used for market resolution on Polymarket.
ZachXBT identified an address tied to the suspected exploit on Polygon as 0x8F980...d9B91. PolygonScan labels one related address as "Polymarket Adapter Exploiter 1." The related contract referenced in the alert is “0x91430...4E5c5.” According to ZachXBT, two related addresses appear to have been drained, including “0x871D7...29082” and “0xf61e3...94805.”
Polymarket is a prediction market platform that lets users wager on the outcome of real-world events using cryptocurrency.
Expand Chart
The company was in talks as recently as April 2026 to raise approximately $400 million at a valuation of roughly $15 billion, following a $600 million strategic investment from Intercontinental Exchange, the parent company of the New York Stock Exchange.
The incident is not the first time Polymarket's underlying infrastructure has drawn scrutiny.
In March 2025, a single actor controlling roughly 25% of UMA's voting power allegedly forced the resolution of a $7 million prediction market to "Yes" despite the underlying event not occurring — what Polymarket reportedly called an "unprecedented" governance attack on the protocol. In December 2025, Polymarket confirmed that several users had lost funds after a vulnerability was discovered in a third-party authentication provider.
This is a developing story.