News linked to both this project and an event.
Polymarket staff member Shantikiran Chanal posted on platform X, stating that they have taken note of the security reports related to reward distribution, and that user funds and market settlements remain safe. The investigation indicates that a private key leak occurred in a wallet used for internal operations, and the issue is not related to contracts or core infrastructure. Further updates will be provided.Previous report: ZachXBT stated that the Polymarket UMA CTF Adapter contract allegedly came under attack on Polygon, with over $520,000 having been drained.
According to on-chain investigator ZachXBT, Polymarket’s UMA CTF adapter on the Polygon network appears to have been attacked, resulting in losses exceeding $520,000 so far.
THORChain has released its fourth update regarding the Asgard vault intrusion incident, publishing the ADR028 proposal and opening voting for node operators. The proposal indicates that the protocol will first absorb losses through its Protocol-Owned Liquidity (POL), with the remaining portion to be borne by synthetic asset holders. The exact proportion is still under evaluation. The POL will be reduced to zero as a result, and the proposal suggests allocating a portion of system revenue over time to gradually replenish it. This plan does not involve minting new RUNE, selling RUNE, or diluting holder equity.On the technical side, the GG20 version will be temporarily retained with a patch upgrade. Trading will resume after the vulnerability is fixed and a successful node rotation is completed. A slower, more security-focused release cadence is planned for the future.Regarding the slashing mechanism, unrelated nodes sharing the same vault as the attacker will be protected, while the attacker's node will be fully slashed. The recovered RUNE will be paired with recoverable assets from the affected vault, and any excess RUNE will be burned.Additionally, THORChain has offered a white-hat bounty to the attacker to recover funds. If a portion of the funds is recovered, the recovery plan will be adjusted proportionally. THORChain emphasizes its commitment to remaining neutral and permissionless, stating it will not censor the attacker's swap transactions after trading resumes.Currently, node operators are voting on the overall direction and principles of the proposal. The specific figures in the ADR are indicative and will be adjusted later via the Mimir mechanism. The goal is to restart the network as soon as possible. A "yes" vote means developers can proceed further along this path.
Odaily Odaily, THORChain posted on platform X that its developers have released an incident update on Discord. Current evidence points to a node thor16uc...cn84q, which recently joined the network, as being associated with the attack. This node is operated by a single malicious actor. The primary hypothesis is that the attacker exploited a vulnerability in the GG20 TSS implementation, causing sensitive key material of vault participants to leak over time. This ultimately enabled the reconstruction of the vault's private key and the execution of unauthorized outgoing transactions.Regarding network status, the network has been paused after multiple node operators executed `make pause`. RUNE transfers and on-chain observation may resume within approximately 12 hours, but transactions, LP operations, signing, and other sensitive operations remain paused.Discussed recovery plans include slashing the affected node's bond, covering losses with protocol-owned liquidity (POL), or other community-driven solutions. THORSec and Outrider Analytics are continuing their investigation. The Treasury is gathering forensic data and coordinating with relevant law enforcement agencies. Full functional recovery is expected to take several days or longer.
Huma Finance posted on X platform, stating that its old v1 contract deployed on Polygon was exploited today, resulting in the transfer of approximately 101,400 USDC. This incident did not compromise user funds, and the related PST system was also unaffected. Only the gradually phased-out v1 legacy pools were impacted. The Huma v2 system is a complete rewrite deployed on Solana and is not vulnerable to this exploit. The team was already in the process of retiring v1 liquidity pools, and following this incident, they have fully suspended the operation of v1 contracts and accelerated the completion of migration efforts.
According to Blockaid’s monitoring, Ink Finance’s Workspace Treasury Proxy on Polygon was exploited minutes ago, involving approximately $140,000.
According to monetsupply.eth, Spark’s Strategy Lead, in a post on X, Spark has long maintained a relatively high borrowing interest rate cap for its SparkLend ETH market. Although this policy caused many users to migrate to Aave—resulting in substantial loss of business and revenue—the current market liquidity crisis has validated the prudence of this strategy. Presently, Aave is experiencing severe liquidity shortages across multiple chains—including Ethereum Mainnet, Arbitrum, Polygon Plasma, Mantle, and Base—with ETH borrowing utilization reaching 100%. This has prevented depositors from withdrawing funds and hindered normal liquidation of ETH collateral. He warns that if the current liquidity crunch persists, a 15–20% drop in ETH’s price could expose Aave to widespread bad debt—compounded by the potential impact of the rsETH vulnerability incident.
According to official news, the Polygon team has been actively monitoring the rsETH vulnerability: neither the Polygon Chain, Agglayer, nor the broader ecosystem including Katana and Vaultbridge have been affected by this incident.