Polymarket's UMA CTF Adapter Exploited — Over $500K Stolen as Hacker Drains 5,000 POL Every 30 Seconds!

Polymarket's UMA CTF Adapter has been exploited in an active attack, with the hacker draining approximately 5,000 POL tokens every 30 seconds. Over $500,000 in funds has already been stolen as of the time of reporting, and the attack appears to be ongoing.

The UMA CTF Adapter serves as the critical bridge between Polymarket's prediction market platform and the UMA oracle, which is responsible for resolving market outcomes. By manipulating this bridge contract, the attacker was able to siphon funds systematically at a rapid, automated cadence — a hallmark of a scripted exploit rather than a one-time theft.

The hacker has reportedly begun laundering the stolen funds, suggesting an attempt to obscure the trail before the broader security community can respond. The scale and speed of the drain make this one of the more severe DeFi bridge exploits of 2026. Users with funds exposed to…