Post-exploit response score
Polymarket's assessment for RD-F-081 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
Dec 2025 auth breach response: (1) Compensation completeness 1/5 — none offered; (2) Disclosure transparency 2/5 — Discord only, no provider named, no loss figures; (3) Root-cause depth 2/5 — 'third-party authentication provider' only; (4) Recovery speed 3/5 — reportedly remediated within ~24h. Composite ~2/5 = yellow. UMA governance attack (Mar 2025) similarly scored ~2/5: result declared final, no compensation, called unprecedented but no structured post-mortem.
Sources
- URL: Polymarket says governance attack by UMA whale to hijack a bet's resolution is unprecedented. UMA governance attack: Polymarket declared result final, no compensation — response scored poorly on compensation and transparency. Retrieved 2026-04-29.
- Polymarket auth breach response. Dec 2025 Discord statement: 'The issue was caused by a vulnerability introduced by a third-party authentication provider. Polymarket takes security extremely seriously, and the issue has been remediated.' Retrieved 2026-04-29.
Methodology
Curator-score (1–5) the most recent incident response on: compensation completeness, transparency of disclosure, root-cause analysis depth, and operational recovery speed.