Summary
- Approximately $3 million was stolen from some Polymarket users due to a breach involving a third-party vendor.
- The platform has confirmed that the issue has been resolved and affected users will receive full reimbursement.
- This incident marks the second security breach for Polymarket within a two-month span.
On Thursday, Polymarket reported that a hack involving one of its third-party vendors compromised its website, enabling an exploit that resulted in significant financial losses for its users, estimated at millions of dollars.
Polymarket refrained from commenting when approached by Decrypt and did not disclose the identity of the compromised vendor. However, the company indicated that hackers managed to insert malicious code into the front-end of the prediction market, as detailed in an X post.
In total, the hackers managed to take around $3 million from customer funds.
Investigators at Bubblemaps determined that the potential impact of the hack was mostly limited, affecting fewer than 15 user accounts. The blockchain analysis firm has not yet responded to Decrypt’s inquiry.
Some of the Polymarket accounts impacted include:
0x349606c1b77F3Ba668879CbC9347f15a44cF8fc4
0xFB84a9d631A3a19204B82c78dFeb90b220255fB5
0x4aeC70021891EA712AAf3e2dD76c30f6b09A4ce9
0x987B441a20Dd4AA4bA6d53069E852E7f820adF43
0x2d7BE5170a8026c18709EAEa1027c7f12E8Ce2Ce…— Bubblemaps (@bubblemaps) June 25, 2026
Polymarket has announced that it is currently working to fully reimburse the affected customers and has addressed the front-end issue.
It remains uncertain what measures the platform will implement to prevent similar incidents in the future, especially since it relies on external vendors that play a crucial role in its operations.
The attackers appear to have siphoned funds from Polymarket user wallets holding pUSD, a stablecoin pegged to the dollar and supported by USDC, which is utilized for trading on the platform. The stolen assets were then converted into ETH and transferred to an Ethereum wallet, where they currently remain.
Previously, Polymarket experienced another security breach last month, resulting in the theft of approximately $700,000 from a wallet designated for employee rewards and top-ups. This incident was likely due to a private key compromise but did not seem to affect the overall infrastructure or pose significant risks, according to experts at the time.
Both incidents highlight the vulnerability of major companies to breaches, even when their core systems are secure.