Blockchain investigator ZachXBT has highlighted a suspected security breach involving Polymarket, the world’s largest decentralized prediction market platform.
Over $520,000 was reportedly drained from two smart contracts on the Polygon blockchain, according to on-chain data shared by ZachXBT. The affected addresses are 0x871D7c0f9E19001fC01E04e6cdFa7fA20f929082 and 0x91430CaD2d3975766499717fA0D66A78D814E5c5, with funds allegedly sent to attacker address 0x8F98075db5d6C620e8D420A8c516E2F2059d9B91.
Polymarket developers said the company is aware of reports tied to its rewards payout system in a post on X. The team emphasized that user funds and market resolutions remain safe, describing the issue as a private key compromise of an internal operations wallet rather than a broader smart contract exploit or core infrastructure breach. Further updates are expected.
Polygon Labs’ CTO Mudit Gupta also commented on the incident, stating:
“Polymarket contracts are safe. User funds are safe. Looks like their market initializer was compromised. No impact to the users or the contracts.”
Polymarket has not yet issued an official statement from its main X account. CoinDesk has reached out to the company for additional comment. The incident comes amid heightened scrutiny of decentralized finance platforms.
