Prior exploit count

Polymarket's assessment for RD-F-077 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Zero smart-contract-level exploits (REKT DB empty, data cache rekt.incidents: []). Three frontend/operational incidents with user losses: Nov 2025 phishing (~$500K, unrecovered); Dec 2025 auth breach (undisclosed amount, unrecovered); Feb 2026 nonce manipulation (~$16K+ confirmed). UMA governance attack Mar 2025 also resulted in user losses with no compensation. The $500K phishing loss is unrecovered, preventing a green score. No full-recovery single-exploit scenario — yellow is the appropriate band.

Sources #

URL
Polymarket points to third-party login tool after users report account breachesDec 2025 auth breach: third-party authentication provider compromised; accounts drained; no compensationretrieved 2026-04-29
URL
Polymarket users lose over $500,000 in phishing attack exploiting comment section vulnerabilitiesNov 2025 phishing: ~$500K user losses via comment-section malicious linksretrieved 2026-04-29
URL
Polymarket Exploited via Offchain-Onchain Settlement Flaw and Nonce ManipulationFeb 2026 nonce manipulation: off-chain/on-chain sync flaw exploited against market-making bots; $16,427+ confirmed profitretrieved 2026-04-29
Partner feed
REKT News leaderboardREKT leaderboard — no Polymarket entries; data cache rekt.incidents: []retrieved 2026-04-29

Methodology #

Count the number of distinct incidents in the hack database affecting this protocol.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol polymarket factor RD-F-077 score yellow collected_at 2026-04-29 16:25:39