Polymarket's smart contracts appear to be under active exploitation, with on-chain investigator @zachxbt flagging the breach and confirming that more than $660,000 has already been drained from the platform.
The attack vector is still being traced, but the loss is moving in real time — the figure cited is a floor, not a ceiling, and the attacker is reportedly still pulling funds as investigators piece together the exploit path.
Why it matters
Polymarket operates as one of the most liquid prediction-market venues in crypto, with settlement contracts handling event positions in everything from elections to macro prints. A live exploit on a venue of that size is a direct hit to user principal — not a market dislocation, not a liquidation cascade — and it puts the platform's contract architecture under immediate scrutiny.
Market impact
For users with open positions, the immediate question is whether the exploit touches the settlement layer or the liquidity layer; for the broader prediction-market sector, the incident lands at a moment when Polymarket has been pushing hard for retail legitimacy and US market re-entry. Watch for an official statement, a pause in contract activity, and a wallet trace on the attacker's address.
Frequently asked questions
-
What happened to Polymarket?
Polymarket's smart contracts appear to be under active exploitation. On-chain investigator @zachxbt flagged the breach and confirmed that more than $660,000 has already been drained, with the attacker reportedly still pulling funds.
-
How much has been stolen from Polymarket so far?
More than $660,000 had been stolen at the time of the initial report from @zachxbt, with the figure described as a floor rather than a ceiling since the attacker is still active.
-
Is the Polymarket exploit still ongoing?
Yes. As of the latest update, the attacker is reportedly still pulling funds while investigators work to trace the attack vector.
-
Who reported the Polymarket exploit?
On-chain investigator @zachxbt flagged the breach publicly, drawing attention to the live drain of funds from Polymarket's contracts.
-
What should Polymarket users do right now?
Watch for an official platform statement, any pause in contract activity, and a wallet trace on the attacker's address. Users with open positions should monitor for whether the exploit touches the settlement layer or the liquidity layer.
Lookonchain