Polymarket Faces Crypto Hack Amid South Korea’s Probe Over Gambling Violations

Prediction market giant Polymarket is under fire as it has been the target of a crypto hack. The exploit is associated with a compromised private key. Meanwhile, it is facing the heat from regulators in South Korea, the U.S. and India.

Polymarket Struggles With Crypto Hack

“A Polymarket deployer address appears to have been compromised on Polygon,” wrote blockchain investigator ZachXBT on Telegram. Shortly after, blockchain analytics firm Bubblemaps stated that the exploit has been in the process of draining funds at a rate of approximately 5,000 POL tokens each 30 seconds.

The stolen assets were then spread out across 16 different wallets before moving to crypto exchanges, according to Bubblemaps. The firm estimated a total loss of $700,000, however, official numbers are around $573,000.

In response, Polymarket’s developer account on X stated that its trading infrastructure and customer balances were not impacted by the breach. “We’re aware of the security reports linked to rewards payout. User funds and market resolution are safe,” the account posted.

They found preliminary evidence that “a private key compromise of a wallet used for internal top-up operations, not contracts or core infrastructure.”

Polymarket’s Josh Stevens also tried to calm users by saying “not a contract hack.” He revealed that the incident was probably due to a private key that was outdated. He went on to say that the stolen credential was “a 6-year-old private key” that is associated with internal top-up settings.

With @zachxbt leading the effort alongside @Bitcoin_Vietnam and @ChangeNOW_io, we managed to freeze $164,000 of the $573,200 in funds transferred from the compromised private key.

Really was a team effort, and it was amazing how quickly everyone reacted. Thanks to everyone who… https://t.co/LW2pHZuFG7

— Josh (@devjoshstevens) May 22, 2026

The hacked crypto is allegedly from a wallet connected to Polymarket’s UMA oracle infrastructure. For context, this system plays a role in resolving conflicting prediction market results.

According to blockchain data, the attacker’s last transaction from the compromised wallet was sometime around 09:00 UTC.

Later, Stevens noted that crypto service providers helped freeze some of the stolen funds. “With ZachXBT leading the effort alongside BitcoinVN and ChangeNOW, we managed to freeze $164,000 of the $573,200 in funds transferred from the compromised private key,” he wrote.

Prediction Market Platform Faces Probe

The security incident coincides with the Korea Communications Standards Commission (KCC) questioning whether Polymarket’s services are considered an illegal gambling platform in South Korea. The regulator is formally investigating the platform’s operations as it continues to grapple with online betting markets in general, per Bloomberg.

Concurrently, Bubblemaps has accused the platform of insider trading. It noted that a group of accounts on Polymarket military prediction markets reportedly has a 98% success rate. The security firm added that they made over $2.4 million in profits due to their alleged trading behavior.

Along similar lines, U.S. House panel has launched a probe against Polymarket and Kalshi. Moreover, the Indian market has moved to formally ban prediction market platforms, including Polymarket.

Previously, the U.S. SEC also postponed prediction market ETFs tied to Polymarket and Kalshi to extend their review period.