Home > Security > Security News

Polymarket Confirms Crypto Hack, Refunds User Stolen Funds After Third-Party Vendor Breach

Published
Written by:
Lore Apostol
Lore Apostol
Cybersecurity Writer
Cryptocurrency Mining Hands Laptop
Summarize with:
ChatGPT logo ChatGPT Claude.ai logo Claude.ai Google AI logo Google AI Grok logo Grok Perplexity logo Perplexity
Google logo Add as preferred source on Google
Key Takeaways
  • Breach Confirmed: Polymarket said a third-party vendor compromise injected malicious code into its website for some users.
  • Funds Stolen: Blockchain monitoring firm PeckShield reported that approximately $3 million in cryptocurrency was taken.
  • Victims Identified: A blockchain analyst reported losses affecting more than 11 victims.

Prediction market giant Polymarket has confirmed that hackers stole funds from an unspecified number of users following a third-party breach. The company  said the malicious code affected only a subset of users before the company intervened. 

Polymarket offers users the option to be paid in cryptocurrency, which is used for deposits and withdrawals.

How the Polymarket Breach Happened

Polymarket disclosed the incident in an X post on Thursday, June 25, 2026, stating that a compromise at a third-party vendor allowed attackers to inject malicious code into its website "for some users." According to the company, it has "contained" the incident and is now contacting affected victims and "refunding them in full." 

Polymarket disclosed the incident | Source: Polymarket on X
Polymarket disclosed the incident | Source: Polymarket on X

Around the same time as Polymarket's post, blockchain monitoring firm PeckShield reported on X that a phishing campaign was targeting Polymarket users, with hackers stealing approximately $3 million worth of cryptocurrency. 

PeckShield reported a phishing campaign was targeting Polymarket users | Source: PeckShield on X
PeckShield reported a phishing campaign was targeting Polymarket users | Source: PeckShield on X

PeckShield cited a separate blockchain analyst, Specter, who reported similar losses and claimed the funds were taken from more than 11 victim wallets holding PUSD. 

Mounting Pressure on Polymarket

The hack is the latest setback for a company already facing scrutiny. On Sunday, an investigation revealed that Polymarket had paid online creators to post deceptive videos showing fake winning bets. In response, the company said it would audit its promotional content. 

Polymarket spokesperson Connor Brandi confirmed to TechCrunch, which first spotted the announcement, that the breach led to users' funds being stolen but declined to provide further details or answer specific questions about the incident.

In late May, Polymarket tightened VPN restrictions and expanded KYC checks amid regulatory pressure. In April, the Grinex crypto exchange announced a cyberattack resulting in the theft of $13 million.

Add a Comment
Related
Canada’s TD Bank Deploys WorkiQ Surveillance Software Amid Privacy Gaps
Adblock for YouTube Chrome Extension Hides Dormant JavaScript Injection
Red Codes on Robot
Kaspersky 2026 SMB Threat Report: Fake AI Tools Used in 33,000+ Attacks
Cellebrite UFED Used by Russia Against Activist Andrey Pivovarov Despite 2021 Cutoff
ASIO Reveals Nation-State Hack of Australian Critical Infrastructure
Anthropic Accuses Alibaba of Largest Claude AI Distillation Attack
Most Popular
Canada’s TD Bank Deploys WorkiQ Surveillance Software Amid Privacy Gaps
Adblock for YouTube Chrome Extension Hides Dormant JavaScript Injection
Red Codes on Robot
Kaspersky 2026 SMB Threat Report: Fake AI Tools Used in 33,000+ Attacks
Vulnerability Prioritization is Not Just About Severity, But Exploitability in Context
Cellebrite UFED Used by Russia Against Activist Andrey Pivovarov Despite 2021 Cutoff
ASIO Reveals Nation-State Hack of Australian Critical Infrastructure
Canada’s TD Bank Deploys WorkiQ Surveillance Software Amid Privacy Gaps
Adblock for YouTube Chrome Extension Hides Dormant JavaScript Injection
Kaspersky 2026 SMB Threat Report: Fake AI Tools Used in 33,000+ Attacks
Vulnerability Prioritization is Not Just About Severity, But Exploitability in Context
Cellebrite UFED Used by Russia Against Activist Andrey Pivovarov Despite 2021 Cutoff
ASIO Reveals Nation-State Hack of Australian Critical Infrastructure

Most Popular
Canada’s TD Bank Deploys WorkiQ Surveillance Software Amid Privacy Gaps
Adblock for YouTube Chrome Extension Hides Dormant JavaScript Injection
Red Codes on Robot
Kaspersky 2026 SMB Threat Report: Fake AI Tools Used in 33,000+ Attacks
Vulnerability Prioritization is Not Just About Severity, But Exploitability in Context
Cellebrite UFED Used by Russia Against Activist Andrey Pivovarov Despite 2021 Cutoff
ASIO Reveals Nation-State Hack of Australian Critical Infrastructure
Canada’s TD Bank Deploys WorkiQ Surveillance Software Amid Privacy Gaps
Adblock for YouTube Chrome Extension Hides Dormant JavaScript Injection
Kaspersky 2026 SMB Threat Report: Fake AI Tools Used in 33,000+ Attacks
Vulnerability Prioritization is Not Just About Severity, But Exploitability in Context
Cellebrite UFED Used by Russia Against Activist Andrey Pivovarov Despite 2021 Cutoff
ASIO Reveals Nation-State Hack of Australian Critical Infrastructure

TechNadu keeps you informed with the latest in cybersecurity, VPNs, and technology. From expert guides to in-depth reviews, we provide the knowledge you need to stay secure and connected in the digital world.

© 2026 TechNadu. All Rights Reserved. TechNadu is a part of Leaprove Media LLP.

Close lightbox
Facebook
Twitter
Linkedin
Reddit
Email
Copy Link
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: