Polymarket $3 – Polymarket says it will fully reimburse customers who lost an estimated $3 million after hackers injected malicious code into the platform’s frontend through a third-party vendor. The prediction-market firm says its servers and backend were not affected.
For users who believed they were trading on Polymarket’s official website, the trap looked normal—until a fraudulent transaction slipped through.
Polymarket says it will fully reimburse customers who lost an estimated $3 million after hackers injected a malicious script into the platform’s frontend following a breach at a third-party vendor. The company framed the incident as a supply-chain attack that impacted a dependency on its website.
Polymarket is one of the world’s largest cryptocurrency-based prediction markets. Users trade contracts whose prices reflect the market’s collective estimate of outcomes. The platform covers sports, economic indicators, weather patterns, awards, political and legislative outcomes, and even military conflicts.
Founded in 2020, Polymarket is currently valued at $9 billion, handles billions of dollars in trading volume, and draws attention as an influential source of information on what markets expect.
During the attack, unsuspecting users were tricked into approving fraudulent transactions on the official Polymarket website. Polymarket says its own servers and backend infrastructure were not impacted.
It didn’t share many details about the event. but independent blockchain intelligence firms estimate that roughly $3 million was stolen from a small number of accounts. PeckShield described the incident as a phishing campaign that stole approximately $3 million worth of ParyonUSD from users. PeckShield then detailed that the stolen funds were bridged from #Polygon to #Ethereum and swapped into about 1,893 Ether.
“The attacker bridged the stolen funds from #Polygon to #Ethereum and swapped them into ~1,893 $ETH,” PeckShield said.
Transaction tracking included by PeckShield traces the flow of funds after the theft.
Another visual analytics company, Bubblemaps, put the scope at less than 15 accounts. Bubblemaps published a list of some affected accounts and the wallets holding the stolen funds.
Polymarket has not replied to requests for additional information about the incident by publication time. Still. for a platform built around trust in a “real” market interface. the timing and method of the compromise—malicious JavaScript delivered through a frontend vendor—left users facing the one problem prediction markets can’t afford: the feeling that the site they rely on was quietly turned against them.
Polymarket prediction markets supply-chain attack cryptocurrency security frontend compromise malicious JavaScript ParyonUSD Ether Polygon Ethereum PeckShield Bubblemaps reimbursement