Polymarket stolen – Polymarket says hackers stole funds from an unspecified number of users after a third-party vendor compromise allowed malicious code to be injected into its website. The company says it has contained the incident and is contacting affected victims to refund th
A Polymarket post on Thursday landed like a warning label—quiet in wording, heavy in implication. The prediction market said hackers had stolen funds from an unspecified number of users after a breach at a third-party vendor.
In an X post, Polymarket said the compromise at the vendor allowed attackers to inject malicious code into its website “for some users.” The company added that it has “contained” the incident and is contacting affected victims, saying it will “refunding them in full.”
By Thursday afternoon, the precise mechanics of the attack were still unclear. When reached, Polymarket spokesperson Connor Brandi confirmed that the breach led to users’ funds being stolen, but declined to provide more information. He did not respond to specific questions about what happened.
The timeline didn’t stop there. Around the same time as Polymarket’s statement, blockchain monitoring firm PeckShield reported on X that a phishing campaign was targeting Polymarket users. PeckShield said hackers had stolen around $3 million worth of cryptocurrency.
A blockchain analyst also reported similar losses, claiming the funds were stolen from more than 11 victims. Polymarket allows users the possibility of being paid in cryptocurrency—an element that makes any theft feel immediate, not theoretical.
The breach also wasn’t Polymarket’s only public crisis. In the last couple of days, two people on social media claimed to have had their Polymarket funds stolen.
And this week has been full of headlines that the company may not have wanted. On Sunday. an investigation revealed that Polymarket had paid online creators to post deceptive videos showing they won lucrative bets that were actually fake. In response, Polymarket said it would audit its promotional content.
What ties these episodes together is timing and trust: a vendor compromise that enabled malicious code. reports of crypto losses tied to phishing. and—only days earlier—the fallout from paid deceptive promotional videos. For users. the message is plain and uncomfortable—when a platform is in the middle of controversy. every security incident lands with extra weight.
Polymarket prediction market cybersecurity vendor breach malicious code phishing campaign cryptocurrency theft PeckShield refunds