Back

ZachXBT Warns of Polyarb's Active Wallet Drainer Scam

Severity: High (Score: 69.0)

Sources: News.Bitcoin, Mexc.Co

Summary

On May 4, 2026, onchain investigator ZachXBT reported that Polyarb, a site posing as a prediction market platform, is operating an active wallet drainer. This malicious tool disguises a harmful smart contract approval as a regular transaction, allowing attackers to gain full access to users' wallets when they connect and sign what seems to be a legitimate action. The investigation highlighted the risk of amplification through prominent crypto accounts engaging with Polyarb's content, inadvertently promoting the scam to millions. The rise of fake DeFi and prediction market platforms has been noted as a growing attack vector in 2026, leveraging the visibility of legitimate platforms. Users are advised to verify contract addresses and ensure the presence of audited contracts before engaging with such platforms. Red flags include recent social media profiles and lack of regulatory disclosures. ZachXBT has a history of exposing threats before significant losses occur, including a recent case involving a $71 million Ethereum seizure linked to the Lazarus Group. Recommendations include using hardware wallets for unfamiliar platforms and revoking token approvals after suspicious interactions. Key Points: • Polyarb is identified as a fraudulent prediction market with an active wallet drainer. • Prominent crypto accounts inadvertently amplify the scam's reach by engaging with its content. • Users should verify contract addresses and use hardware wallets to protect against wallet drainers.

Key Entities

  • Lazarus Group (apt_group)
  • Phishing (attack_type)
  • Polyarb (platform)
  • Kalshi (platform)
  • North Korea (country)
  • T1566.002 - Spearphishing Link (mitre_attack)
  • Polymarket (company)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed