Incident response time (minutes)

Polymarket's assessment for RD-F-085 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Dec 2025 auth breach: user reports began Dec 22–23; Polymarket official Discord statement Dec 24 = 24–48 hour delay (1,440–2,880 minutes). Well above 240-minute red threshold. Feb 2026 nonce exploit: no official statement or post-mortem issued at all — community developer built Nonce Guard independently. Template: red = >240 min or no statement. Both primary incidents exceed this threshold.

Sources #

GitHub
Polymarket Nonce Guard — evidence of no official responseNonce Guard community tool — created because Polymarket issued no official statement on nonce exploitretrieved 2026-04-29
URL
Polymarket auth breach response timelineDec 2025: CoinDesk article Dec 24; user reports from Dec 22-23. Response ~24-48h after first user reportsretrieved 2026-04-29

Methodology #

Measure the time in minutes from the first exploit transaction to the first official team statement for the most recent incident.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol polymarket factor RD-F-085 score red collected_at 2026-04-29 16:25:39