{"id":29417,"date":"2026-05-22T09:42:24","date_gmt":"2026-05-22T09:42:24","guid":{"rendered":"https:\/\/bitunikey.com\/news\/polymarket-hit-zachxbt-flags-520k-uma-adapter-loss\/"},"modified":"2026-05-22T09:42:40","modified_gmt":"2026-05-22T09:42:40","slug":"polymarket-hit-zachxbt-flags-520k-uma-adapter-loss","status":"publish","type":"post","link":"https:\/\/bitunikey.com\/news\/polymarket-hit-zachxbt-flags-520k-uma-adapter-loss\/","title":{"rendered":"Polymarket hit? ZachXBT flags $520K UMA adapter loss"},"content":{"rendered":"<div class=\"post-detail__content blocks\">\n<p><strong>Polymarket\u2019s UMA CTF Adapter contract on Polygon has reportedly been targeted in a suspected exploit, with onchain analysts warning users to pause activity.<\/strong><\/p>\n<div id=\"cn-block-summary-block_635c235ea5130f9fcb7f1c7330ffa758\" class=\"cn-block-summary\">\n<div class=\"cn-block-summary__nav tabs\">\n        <span class=\"tabs__item is-selected\">Summary<\/span>\n    <\/div>\n<div class=\"cn-block-summary__content\">\n<ul class=\"wp-block-list\">\n<li>ZachXBT flagged a suspected UMA CTF Adapter exploit on Polygon with losses above $520K reported.<\/li>\n<li>PeckShield said two addresses were drained and some stolen funds were deposited into ChangeNOW already.<\/li>\n<li>Bubblemaps warned attackers were removing 5,000 POL every 30 seconds as losses kept rising quickly.<\/li>\n<\/ul><\/div>\n<\/div>\n<p><!-- .cn-block-summary --><\/p>\n<p>A ZachXBT community <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/t.co\/EXNfXHMbVr\" target=\"_blank\" rel=\"nofollow\">alert<\/a> said Polymarket\u2019s UMA CTF Adapter contract on Polygon was suspected of being attacked. The alert listed losses above $520,000 and named the attacker address as 0x8F98075db5d6C620e8D420A8c516E2F2059d9B91.<\/p>\n<p>PeckShield later said ZachXBT had reported that the contract had \u201cpotentially been exploited.\u201d The security firm said two addresses, 0x871D\u20269082 and 0xf61e\u20264805, were drained of about $520,000. It also said part of the stolen funds had already moved to ChangeNOW.<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\">\n<div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\"><a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/twitter.com\/hashtag\/PeckShieldAlert?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"nofollow\">#PeckShieldAlert<\/a> <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/twitter.com\/hashtag\/ZachXBT?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"nofollow\">#ZachXBT<\/a> reports that the Polymarket UMA CTF Adapter contract on <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/twitter.com\/hashtag\/Polygon?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"nofollow\">#Polygon<\/a> has potentially been exploited. <\/p>\n<p>2 addresses (0x871D\u20269082 and 0xf61e\u20264805) have been drained of approximately $520K.<\/p>\n<p>The attacker has already deposited a portion of the stolen funds\u2026 <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/t.co\/ogne5K58mC\">pic.twitter.com\/ogne5K58mC<\/a><\/p>\n<p>\u2014 PeckShieldAlert (@PeckShieldAlert) <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/twitter.com\/PeckShieldAlert\/status\/2057745696674218049?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"nofollow\">May 22, 2026<\/a><\/p><\/blockquote>\n<\/div>\n<\/figure>\n<p>    <!-- .cn-block-related-link --><\/p>\n<h2 class=\"wp-block-heading\"><strong>Bubblemaps warns users to pause activity<\/strong><\/h2>\n<p>Bubblemaps also <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/x.com\/bubblemaps\/status\/2057746068885082371?s=20\" target=\"_blank\" rel=\"nofollow\">warned<\/a> that a Polymarket contract had been exploited. The firm said attackers were removing 5,000 POL every 30 seconds and estimated losses at about $600,000 at the time of its alert.<\/p>\n<p>PolygonScan data for 0x871D\u20269082 shows repeated outgoing transfers of 5,000 POL to an address tagged as Polymarket\u2019s UMA CTF Adapter Admin. Several transfers occurred about 30 seconds apart, matching the pattern flagged by Bubblemaps.<\/p>\n<figure class=\"wp-block-image size-large\"><figcaption class=\"wp-element-caption\">Source: <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/polygonscan.com\/address\/0x871D7c0f9E19001fC01E04e6cdFa7fA20f929082\" target=\"_blank\" rel=\"nofollow\">PolygonScan<\/a><\/figcaption><\/figure>\n<p>Meanwhile, Polymarket\u2019s <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/legacy-docs.polymarket.com\/polymarket-+-uma\" target=\"_blank\" rel=\"nofollow\">documentation<\/a> says the UMA CTF Adapter connects markets to UMA\u2019s Optimistic Oracle. The adapter is used to request and retrieve resolution data for prediction markets built on the Conditional Tokens Framework.<\/p>\n<p>Polymarket\u2019s newer documentation says all outcomes on the platform are tokenized through CTF, with outcome tokens backed by locked pUSD. That makes the affected contract area relevant to how markets are created, resolved, and redeemed onchain.<\/p>\n<p>This is not Polymarket\u2019s first UMA-related controversy. Earlier coverage noted that a UMA whale allegedly influenced a Polymarket market outcome tied to a Trump-Ukraine mineral deal, raising questions over oracle voting power and market resolution trust.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Attack comes as Polymarket expands<\/strong><\/h2>\n<p>The incident comes as Polymarket has been moving from a crypto-native prediction platform into a larger market structure debate. Recent crypto.news coverage said prediction markets led by Polymarket and Kalshi have grown into one of finance\u2019s fastest-moving sectors.<\/p>\n<p>The platform has also faced regulatory and market-design pressure. Earlier coverage noted Wisconsin\u2019s lawsuit against Polymarket, Kalshi, Coinbase, Robinhood, and Crypto.com-linked entities, arguing some prediction markets function as unlicensed gambling products.<\/p>\n<p>The suspected exploit adds a new technical risk layer to that debate. Polymarket is already watched for questions around regulation, resolution rules, and market integrity. A contract-level incident now puts user safety and smart contract controls back in focus.<\/p>\n<p>The latest alert also follows a wider run of DeFi security incidents. Recent reports covered Echo Protocol\u2019s paused bridge after unauthorized eBTC minting, while the Verus Ethereum bridge case took a different turn after the exploiter returned 4,052 ETH, following an $11.5 million forged-transfer attack.<\/p>\n<p>    <!-- .cn-block-related-link --><\/p><\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Polymarket\u2019s UMA CTF Adapter contract on Polygon has reportedly been targeted in a suspected exploit, with onchain analysts warning users to pause activity. Summary ZachXBT flagged a suspected UMA CTF&hellip;<\/p>\n","protected":false},"author":1,"featured_media":9742,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-29417","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cryptocurrency"],"_links":{"self":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/29417","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/comments?post=29417"}],"version-history":[{"count":1,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/29417\/revisions"}],"predecessor-version":[{"id":29418,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/29417\/revisions\/29418"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media\/9742"}],"wp:attachment":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media?parent=29417"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/categories?post=29417"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/tags?post=29417"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}