Polymarket Hack: Million Stolen From Users in Third-Party Vendor Breach

This post contains affiliate links. As an Amazon Associate, PC Master Deals earns from qualifying purchases.

Polymarket, the leading crypto prediction market platform, has confirmed that hackers stole funds from users after a third-party vendor was compromised. The breach, which occurred on June 25, 2026, saw approximately million worth of cryptocurrency drained from user wallets.

What Happened?

Polymarket announced on X (formerly Twitter) that a third-party vendor had been compromised, allowing hackers to inject malicious JavaScript into the platform’s frontend for some users. The malicious script targeted user wallets during transactions, siphoning funds directly from victims’ accounts.

Blockchain security firm PeckShield was first to alert the public, flagging a phishing campaign targeting Polymarket users. According to PeckShield’s analysis, roughly million worth of Polymarket’s native POLY token was stolen. A blockchain analyst further reported that the funds were taken from more than 11 victims.

Polymarket stated they have “contained” the incident and are currently contacting affected users and refunding them in full.

Timeline of Events

Time (June 25) Event
Early afternoon Polymarket users report missing funds on social media
12:58 PM PDT TechCrunch breaks the story
Afternoon PeckShield confirms ~M in POLY tokens drained
Evening Polymarket confirms breach, promises full refunds

Who Is Affected?

The breach specifically targeted users who were actively transacting on Polymarket’s web interface during the window when the malicious script was active. Users who connected their wallets to Polymarket’s frontend, approved transactions during the compromise window, or had significant POLY token balances were at the highest risk.

How Did This Happen?

Polymarket has not disclosed which third-party vendor was compromised. However, the attack vector appears to be a supply chain attack — a growing trend in crypto security incidents. Hackers gained access to a vendor’s infrastructure and used it to inject malicious code into Polymarket’s website.

This type of attack is particularly dangerous because users see the legitimate Polymarket interface, transaction requests appear normal, and even experienced crypto users can be fooled. The attack exploits the trusted relationship between user and platform.

What Polymarket Is Doing

  • Contained the breach — removing the malicious script
  • Investigating — working with security experts to determine the full scope
  • Refunding victims — promising full reimbursement to all affected users
  • Auditing vendors — reviewing third-party security practices

However, this is the second PR blow for Polymarket in the same week. Just days earlier, an investigation revealed that Polymarket had paid online creators to post deceptive videos showing fake winning bets.

FAQ

Is my money safe on Polymarket?

Polymarket has promised to refund all affected users in full. However, the incident raises concerns about platform security. If you currently have funds on Polymarket, consider withdrawing them until the company provides a clear post-mortem of the breach.

How can I protect my crypto from supply chain attacks?

Use hardware wallets (like Ledger or Trezor) for large holdings, avoid keeping significant balances on web-based platforms, double-check transaction requests before signing, and consider using browser isolation for crypto transactions. Browse hardware wallets on Amazon.

Will this affect Polymarket’s 2026 election betting?

Polymarket has been a major platform for political prediction markets, including 2026 midterm election bets. While the company is refunding users, trust has been damaged. It remains to be seen whether users will return to the platform for election betting.

What should I do if I think I was affected?

Contact Polymarket support immediately. Monitor your wallet for unauthorized transactions. Consider transferring remaining funds to a hardware wallet while the investigation continues.

Final Verdict

The Polymarket hack is a stark reminder that supply chain attacks are one of the most dangerous threats in crypto. Even well-funded platforms can be compromised through their vendors. The million theft — while Polymarket has promised refunds — could have been much worse.

Score: 5/10 — Good incident response speed, but security practices need significant improvement.

Our advice: Wait for the full post-mortem and third-party security audit before depositing significant funds back on the platform.


This post contains affiliate links. As an Amazon Associate, PC Master Deals earns from qualifying purchases.

👉 Protect your crypto with a hardware wallet on Amazon

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top