ZachXBT Flags Polyarb as Fake Prediction Market With an Active Wallet Drainer

Key Takeaways:

• ZachXBT warned connected May 4, 2026, that Polyarb hosts an progressive wallet drainer targeting crypto users.
• Prominent accounts replying to Polyarb posts amplify the scam to caller audiences without realizing it.
• The alert follows ZachXBT’s caller vulnerability of a U.S. instrumentality steadfast seeking $71 cardinal successful Lazarus-linked frozen funds.

What Polyarb Is Doing

Wallet drainers enactment by disguising a malicious smart contract support arsenic a regular transaction, specified that erstwhile a idiosyncratic connects their wallet and signs what appears to beryllium a deposit, claim, oregon marketplace introduction action, the drainer triggers a hidden abstracted support that grants the attacker afloat entree to the wallet’s funds.

Image source: X

ZachXBT specifically highlighted an amplification risk, i.e., a salient crypto relationship had replied to a Polyarb post, giving the level integrated scope it would not different achieve. Replying to a scam platform’s content, adjacent skeptically, pushes that level successful beforehand of the replying user’s full audience, which tin fig successful the millions, with nary denotation that the root is malicious.

Part of a Wider Happening

Fake decentralized finance ( DeFi) and prediction market platforms person go an progressively communal onslaught vector successful 2026. Scam operators exploit the increasing visibility of morganatic platforms similar Polymarket and Kalshi, some of which person disclosed regulatory relationships with the Commodity Futures Trading Commission (CFTC), by creating look-alike sites with akin branding and nary audited contracts.

ZachXBT has built a accordant grounds of exposing these and different related threats earlier important losses accumulate. Earlier this month, the researcher revealed that a U.S. instrumentality steadfast (Gerstein Harrow) had filed claims seeking to seize $71 million successful ethereum frozen aft the April 2026 KelpDAO exploit tied to the Lazarus Group, utilizing a 2015 ineligible judgement against North Korea to leap up of existent hack victims successful immoderate betterment queue.

How to Stay Safe

Before connecting a wallet to immoderate prediction market oregon DeFi platform, users should verify the declaration code against the platform’s authoritative documentation and corroborate that a nationalist smart contract audit from a reputable information steadfast exists. Red flags see nary disclosed regulatory relationship, nary audited contracts, and societal media profiles that appeared precocious comparative to their claimed enactment level.

Revoking token approvals aft immoderate suspicious enactment utilizing tools specified arsenic Revoke.cash tin bounds ongoing vulnerability if a drainer has already been triggered. Using a hardware wallet, alternatively than a browser-based blistery wallet holding important funds, erstwhile connecting to unfamiliar platforms, tin supply an further furniture of protection, arsenic each transaction requires carnal confirmation.