Polymarket Confirms Hack: User Funds Stolen in Third-Party Breach

Prediction market giant Polymarket has confirmed that hackers stole funds from an unspecified number of users following a third-party security breach.

In a post on X (formerly Twitter) on Thursday, Polymarket stated that a compromise at a third-party vendor allowed attackers to inject malicious code into its website, affecting “some users.” The company said it has “contained” the incident and is now contacting impacted victims and “refunding them in full.”

As of Thursday afternoon, the exact nature of the breach remains unclear. When reached by TechCrunch, Polymarket spokesperson Connor Brandi confirmed that the breach led to the theft of user funds but declined to provide additional details or answer specific questions about the incident.

Around the same time as Polymarket’s announcement, blockchain security firm PeckShield reported on X that a phishing campaign was targeting Polymarket users. According to PeckShield, the hackers had stolen approximately $3 million worth of cryptocurrency.

A blockchain analyst also reported similar losses, stating that funds were taken from more than 11 victims.

Polymarket offers users the option to be paid in cryptocurrency, which may have been a factor in the attack’s focus on digital assets.

In the days leading up to the announcement, at least two individuals on social media claimed their Polymarket funds had been stolen.

This hack is the latest setback for Polymarket, which has faced negative headlines this week. On Sunday, an investigation revealed that the company had paid online creators to post deceptive videos claiming they had won lucrative bets—which were actually fake. In response, Polymarket said it would audit its promotional content.

The 2026 cybersecurity incident underscores ongoing risks in the crypto and prediction market sectors, where third-party vulnerabilities can lead to significant user losses. Industry observers are now calling for tighter security protocols and better incident response transparency.

via TechCrunch

Related