Polymarket Confirms User Fund Theft After Third-Party Breach
Quick Look
- Prediction market Polymarket confirmed that hackers stole funds from an unspecified number of users following a third-party vendor breach that injected malicious code into its website.
- The company is contacting affected victims and refunding them in full.
- Blockchain monitoring firm PeckShield reported a phishing campaign targeting Polymarket users, with approximately $3 million in cryptocurrency stolen from over 11 victims.
AI-generated summary
Why It Matters
Prediction market giant Polymarket confirmed a third-party breach led to hackers stealing funds from users by injecting malicious code into its website. The company has contained the incident and is contacting affected victims for full refunds.
Prediction market giant Polymarket confirmed that hackers stole funds from an unspecified number of users after a third-party breach.
In an X post on Thursday, Polymarket said that a compromise at a third-party vendor allowed hackers to inject malicious code into its website “for some users.” The company said it has “contained” the incident and is now contacting the affected victims and “refunding them in full.”
As of Thursday afternoon, it’s unclear exactly what happened.
When reached by TechCrunch, Polymarket spokesperson Connor Brandi confirmed that the breach led to users’ funds being stolen but declined to provide more information, and did not respond to specific questions about the incident.
Around the same time as the Polymarket post, blockchain monitoring firm PeckShield reported on X that a phishing campaign was targeting Polymarket users. According to PeckShield, hackers had stolen around $3 million worth of cryptocurrency.
A blockchain analyst also reported similar losses and claimed that the funds were stolen from more than 11 victims.
Polymarket offers users the possibility of being paid in cryptocurrency.
In the last couple of days, two people on social media claimed to have had their Polymarket funds stolen.
What to Watch
AI outlook — possibilities, not facts
Polymarket will contact affected victims and issue full refunds.
Very likely · Within days
Open Questions
- What is the exact number of affected users?
- Which specific third-party vendor was compromised?
- How was the malicious code injected into the website?






