Blockchain investigator ZachXBT has flagged a suspected security incident involving Polymarket, the world’s largest decentralized prediction market, after on-chain data suggested more than $520,000 was drained from smart contracts on the Polygon network.
According to details shared by ZachXBT, two smart contracts appear to have been impacted, with funds reportedly transferred to an attacker-controlled wallet. The affected addresses include 0x871D7c0f9E19001fC01E04e6cdFa7fA20f929082 and 0x91430CaD2d3975766499717fA0D66A78D814E5c5, with the stolen assets allegedly sent to 0x8F98075db5d6C620e8D420A8c516E2F2059d9B91.
Polymarket acknowledged the reports in a post on X, saying it is investigating an issue related to its rewards payout system. The platform emphasized that user funds and market outcomes remain unaffected, characterizing the incident as a compromise of an internal operations wallet rather than an exploit of its core smart contracts or infrastructure.
Polygon Labs CTO Mudit Gupta also addressed the situation, stating that core contracts and user funds were not impacted. “Polymarket contracts are safe. User funds are safe. Looks like their market initializer was compromised. No impact to the users or the contracts,” he said.
Polymarket has not yet issued a detailed statement through its main official channels, and CoinDesk has reportedly reached out for further comment.
The incident underscores persistent operational security risks in decentralized finance, where breaches of internal keys or supporting systems can still result in significant losses even when core protocol infrastructure remains secure.
