Polymarket Hit By ‘Internal Top-Up’ Wallet Exploit, $700K Drained
A security incident involving Polymarket’s Polygon infrastructure resulted in the theft of approximately $700,000 from an internal rewards wallet. The breach was flagged by on-chain investigator ZachXBT and later confirmed by Polymarket, who emphasized that user funds and market outcomes were not affected. Analysis from blockchain security firms, including BlockSec and Cyvers, indicated that the incident stemmed from a private key compromise of an administrative wallet used for internal operations, not from a vulnerability in Polymarket’s core contracts or prediction market infrastructure. The stolen funds were distributed across 16 addresses and routed through centralized exchanges. Security experts noted this reflects a growing trend in the crypto sector, where attackers increasingly target operational aspects like privileged wallets and key management rather than core protocol code. Polymarket stated the breach was isolated and is providing further updates.
