Polymarket to Refund Users After Scammers Swipe Millions in Website Exploit
Analysis
Price Impact
LowThe exploit affected polymarket users and their stablecoin pusd, which is backed by usdc. the stolen funds were converted to eth. while a direct impact on usdc or eth prices is unlikely due to the limited scope and the fact that polymarket is refunding users, it highlights potential risks within the defi ecosystem that could indirectly affect sentiment.
Trustworthiness
HighPrice Direction
NeutralThe event is specific to polymarket and its users, not a general market-wide issue affecting major cryptocurrencies like btc or eth directly. polymarket's commitment to full reimbursement mitigates immediate price pressure on related assets.
Time Effect
ShortThe impact is primarily short-term as the issue is contained, users are being reimbursed, and polymarket is addressing the security vulnerability. the market reaction will likely fade quickly.
Original Article:
Article Content:
In brief Hackers exploited a compromised third-party vendor to steal about $3 million from a handful of Polymarket users. Polymarket says the issue is fixed and affected users will be fully reimbursed. It marks the platform's second security incident in two months. One of Polymarket’s third-party vendors suffered a hack Thursday, the prediction market said, leaving its website vulnerable to an exploit that analysts said led to millions of dollars lost for users of the platform. Polymarket declined comment when reached by Decrypt , and did not say publicly which of its vendors was compromised. But the attack allowed hackers to inject malicious code into the prediction market’s front-end, the company said in an X post . Ultimately, the hackers stole some $3 million worth of customer funds. On-chain sleuths at Bubblemaps concluded that potential damage from the hack was largely contained, with less than 15 user accounts affected. The blockchain investigations firm did not immediately respond to Decrypt ’s request for comment. Some Polymarket accounts affected: 0x349606c1b77F3Ba668879CbC9347f15a44cF8fc4 0xFB84a9d631A3a19204B82c78dFeb90b220255fB5 0x4aeC70021891EA712AAf3e2dD76c30f6b09A4ce9 0x987B441a20Dd4AA4bA6d53069E852E7f820adF43 0x2d7BE5170a8026c18709EAEa1027c7f12E8Ce2Ce… — Bubblemaps (@bubblemaps) June 25, 2026 Polymarket said it is in the process of refunding impacted customers in full, and that the frontend issue has been contained and removed. It is as of yet unclear what steps the prediction market platform can take to prevent such an exploit from happening in the future, given that it relies on some external, third-party businesses that are apparently directly involved in the site’s operation. The attackers appear to have drained funds from Polymarket customer wallets containing pUSD, a Polymarket-specific dollar-pegged stablecoin backed by USDC , that is used to facilitate all trading on the platform. They then converted the stolen funds into ETH, and compiled them into an Ethereum wallet , where, as of writing, they remain. Last month, Polymarket suffered another hack , of a wallet used by company employees to top up and pay out user rewards. The exploit lost the company roughly $700,000, and was likely caused by a private key compromise. It did not appear to impact the company’s infrastructure or pose broader risks, experts said at the time. Both that exploit and today’s, however, point to the ability of hackers to infiltrate major companies on the margins, even when core protocols remain secure. Daily Debrief Newsletter Start every day with the top news stories right now, plus original features, a podcast, videos and more. Your Email Get it! Get it!