UMA Governance Attack at Polymarket Sparks Trust Concerns

A rogue actor operating from an Ethereum wallet under the alias BornTooLate.eth has executed a governance attack on the UMA oracle protocol used by Polymarket. The attacker, having accumulated approximately 1.3 million UMA tokens over the past year, became one of the top-5 governance stakers and used their significant stake to vote ‘yes’ on the resolution of a Ukraine-themed prediction market contract. This market speculated on a potential US deal regarding access to the country’s rate earth resources by the end of March. Despite the attack, the financial gains were modest—with the largest profit recorded at around $55,000 and the biggest loss at approximately $73,000—and Polymarket stated that no refunds will be issued since the event is not deemed a market failure. Polymarket is now collaborating with the UMA oracle team to implement safeguards against future attacks. The incident follows previous controversies involving UMA’s resolution of disputed markets, which have generated criticism due to subjective decision-making. The news highlights vulnerabilities within decentralized governance systems that can affect critical outcomes in prediction markets.