Polymarket Hit by $520K Exploit and House Probe; Binance Disputes Iran Report

Crypto News

The House Oversight Committee opened a formal investigation Friday into prediction-market giants Kalshi and Polymarket, citing concerns over insider trading and wagers placed on classified military activity. Committee Chair James Comer demanded documents covering know-your-customer procedures, suspicious-trade detection, and internal deliberations about offering bets tied to armed conflicts in Iran and Venezuela. The inquiry follows a recent arrest of a U.S. soldier accused of placing Polymarket positions on military timing using non-public information, and Kalshi's penalties against politicians wagering on their own elections. Lawmakers have also reviewed roughly 80 flagged insider-trading patterns identified across the platforms, signaling that Congressional intervention may be imminent.

Cumulative losses from DeFi bridge exploits have reached $328.6 million through May, marking the eighth major attack of 2026 and intensifying institutional unease about decentralized infrastructure. Wall Street risk desks have begun questioning whether the security tradeoffs justify on-chain yields, particularly as total value locked dropped to roughly $86 billion from nearly $100 billion within two days of the most recent breach. Smart-contract auditors describe a recurring pattern of major institutions opening exploratory conversations only to encounter another front-page exploit. The complexity layered into modern protocols makes independent risk assessment effectively impossible for end users, accelerating calls for permissioned alternatives.

Brent crude traded at $104.70 on Thursday after Washington's diplomatic signaling pulled the geopolitical premium out of oil markets. President Trump told reporters the Iran conflict would conclude "fast" once a deal is reached, predicting a sharp price drop. Hedge funds have already cut net long positions by 27% over seven weeks, with the most recent CFTC reading at 169,900 contracts versus the late-March peak of 233,600. The technical structure shows Brent pressing against the lower boundary of its April ascending channel; a clean break would flip the trend bearish for the first time in five weeks and reset risk premia across commodity-linked assets, including Bitcoin.

An on-chain investigator issued a community alert Thursday warning that an attacker had drained roughly $520,000 connected to Polymarket's UMA CTF Adapter, the smart contract responsible for settling prediction-market outcomes through the Optimistic Oracle. The exploiter's wallet subsequently dispersed proceeds across 15 addresses, a routing pattern characteristic of early-stage blockchain laundering. Polymarket's engineering team clarified that neither its core contracts nor UMA's were compromised, attributing the breach to a six-year-old private key tied to an internal top-up configuration. The key has been rotated, production permissions revoked, and remaining secrets are migrating to a key-management service.

Binance publicly rejected a fresh report alleging that an Iranian financier moved roughly $850 million through the exchange across two years, largely through a single trading account that remained open as recently as January. Chief executive Richard Teng described the characterization as "fundamentally inaccurate," noting that the transactions in question predated U.S. sanctions on the individuals involved and that internal compliance teams had already flagged and investigated the activity. The dispute lands while Binance's defamation suit against the same outlet remains active, and as the U.S. Treasury continues pressing the exchange to comply with the independent monitoring regime imposed under its 2023 settlement.

State-aligned threat actors continue extracting record sums from the sector. North Korea's Lazarus Group has been implicated in the $285 million Drift Protocol breach in early April, executed through a months-long social-engineering campaign in which operatives reportedly approached contributors at in-person crypto events. The same cluster was tied to the $290 million KelpDAO compromise weeks later, draining funds via a cross-chain bridge. Outflows from DEX liquidity pools with no direct exposure to the affected assets totaled roughly $14 billion in the days that followed, demonstrating how contagion from sophisticated attacks now spills well beyond the impacted protocols themselves.

The dominant arc binding this week's headlines is regulatory and operational tightening colliding with persistent on-chain security gaps. Congressional pressure on prediction markets, fresh Treasury demands on Binance, and rising losses from bridge exploits all converge on a single conclusion: the era of permissive, lightly supervised altcoin infrastructure is closing. Capital is rotating toward platforms able to demonstrate compliance posture and credible custody. Geopolitical de-escalation in the Middle East may relieve some macro pressure, but the structural transition toward institutionalized, scrutinized crypto rails — and the friction it imposes on legacy DAO governance models — appears irreversible this cycle.