Blockchain investigator ZachXBT has flagged a suspected security incident involving Polymarket, the world’s largest decentralized prediction market, after on-chain data suggested more than $520,000 was drained from smart contracts on the Polygon network.
According to data shared by ZachXBT, two smart contracts appear to have been affected, with funds reportedly transferred to an attacker-linked wallet. The impacted addresses include 0x871D7c0f9E19001fC01E04e6cdFa7fA20f929082 and 0x91430CaD2d3975766499717fA0D66A78D814E5c5, with the stolen assets allegedly routed to 0x8F98075db5d6C620e8D420A8c516E2F2059d9B91.
Polymarket addressed the reports in a post on X, saying it is investigating an issue related to its rewards payout system. The platform emphasized that user funds and market resolutions remain safe, describing the incident as a compromise of an internal operations wallet rather than an exploit of its core smart contracts or underlying infrastructure.
Polygon Labs CTO Mudit Gupta also weighed in on the situation, stating that user assets and core contracts were unaffected. “Polymarket contracts are safe. User funds are safe. Looks like their market initializer was compromised. No impact to the users or the contracts,” he said.
As of now, Polymarket has not issued a detailed statement through its main official channels, and CoinDesk has reportedly reached out for additional comment.
The incident underscores ongoing operational security risks in decentralized finance, where compromises of administrative keys or peripheral systems can still result in significant losses even when core protocol smart contracts remain secure.
