Polymarket confirms user funds stolen in security breach
What's the story
Polymarket, a leading prediction market platform, has confirmed that a security breach at one of its third-party vendors led to the theft of funds from some users. The company announced the incident in an X post on Thursday. It explained that hackers were able to inject malicious code into their website "for some users" due to this compromise.
Information
Polymarket is reaching out to affected users
Polymarket has assured that it has "contained" the incident and is now reaching out to affected users. The company said they are "refunding them in full." However, the exact details of what transpired remain unclear as of Thursday afternoon.
Ongoing threat
PeckShield warned of phishing campaign
Around the same time as Polymarket's announcement, blockchain monitoring firm PeckShield warned of a phishing campaign targeting its users. According to PeckShield, hackers have stolen some $3 million in cryptocurrency from the platform. A blockchain analyst also reported similar losses and claimed that over 11 victims were affected by this breach.
Company scrutiny
Recent controversy over fake bets
The hacking incident comes on the heels of another controversy for Polymarket. An investigation had recently revealed that the company paid online creators to post fake videos showing them winning lucrative bets. The company has since said it will audit its promotional content. Despite these issues, a recent ad featuring music producer Rick Rubin received praise from several quarters, including Andrew Ross Sorkin, co-anchor of CNBC's morning news and talk program Squawk Box.
Twitter Post
Polymarket is contacting impacted users and refunding them in full
This morning we discovered a 3rd party vendor had been compromised, injecting a malicious script into our frontend for some users. We've contained it & removed the affected dependency. We're contacting impacted users & refunding them in full.
— Polymarket Traders (@PolymarketTrade) June 25, 2026