
Prediction market platform Polymarket has confirmed that it suffered a cyberattack. This attack resulted in the theft of approximately $3.1 million in user funds.
The company disclosed the incident in a post on X, stating that attackers gained access through a compromised third-party vendor. According to Polymarket, the hackers injected malicious code into its frontend for a limited number of users. As a result, they were able to steal cryptocurrency from affected accounts.
The platform said it has contained the breach, removed the compromised dependency, and begun contacting impacted users.
Refunds Underway
Polymarket has pledged to fully reimburse affected users. However, it has not disclosed how many customers were impacted or provided a timeline for the reimbursement process.
The company also declined to identify the third-party vendor involved in the security incident.
Around 11 Users Affected
Blockchain security firm PeckShield estimated that approximately $3 million in cryptocurrency was stolen during the attack.
TechCrunch reported that around 11 users lost funds in the breach. Because Polymarket settles transactions in cryptocurrency, affected users experienced immediate financial losses.
Community Reacts
The incident sparked criticism across social media following Polymarket’s announcement.
Some users claimed they had previously warned the company about potential security vulnerabilities. Meanwhile, others mocked the platform over the irony of a prediction market failing to anticipate the attack.
One affected user suggested the breach may have been linked to a virtual private server provided by Xorek Cloud. Even so, Polymarket has not confirmed the identity of the compromised third-party vendor or the cause of the attack.
The company said its investigation remains ongoing as it continues working to compensate affected users.



