Polymarket probes suspected Polygon wallet private-key breach

Polymarket is investigating a suspected private-key compromise of an internal Polygon “top-up” wallet the platform uses to fund on-chain withdrawals, cover transaction fees and manage cross-chain liquidity. The firm detected activity it describes as consistent with unauthorized access and opened an inquiry into the incident.

A private-key compromise means an attacker may have obtained the secret key that controls the wallet and could create signed transactions to move assets without approval. Because Polygon is a public blockchain, transfers from the wallet can be observed on-chain and used in forensic tracing.

Polymarket characterizes the incident as a breach of an internal wallet rather than a failure of the Polygon network. The firm is investigating which assets were affected, how the key was exposed and what operational controls failed. The probe is ongoing and the firm has indicated it will provide updates as it learns more.

Investigators typically examine on-chain transaction records alongside device and access logs to trace fund flows and identify how credentials were compromised. Common mitigation steps in incidents like this include isolating affected services, restricting on-chain movement from linked addresses and engaging third-party blockchain forensics teams and network maintainers to assist in tracing transfers.

Possible short-term impacts include temporary disruption to Polygon-based deposits or withdrawals while mitigation measures are put in place. Users with funds held in separate custody or on other blockchains may not be affected; the scope of impact depends on how operational wallets are segregated from customer custody.

On-chain evidence will determine whether assets were moved to centralized exchanges, other wallets or mixing services. Polymarket’s review is expected to identify any transfers from the top-up wallet and the destinations of those transfers.

Private-key compromises can result from stolen credentials, compromised developer machines, insecure key storage or social-engineering attacks. Controls commonly used to limit exposure include hardware wallets, multisignature arrangements, strict access controls and routine audits of key management processes. Polymarket’s investigation aims to identify specific failure points and any remediation the firm will implement.

Polymarket has said it will update users with additional information as the investigation continues and will report on any recovery or reimbursement plans if applicable.