A significant security breach has led to the theft of funds from multiple users of the prediction market platform Polymarket. The company has confirmed that the breach stemmed from a compromise at a third-party vendor, which enabled hackers to inject malicious code into its website for certain users.
In a recent post on the social media platform X, Polymarket announced that it has managed to contain the incident and is actively reaching out to the users affected by the breach to fully refund them. However, additional details about the breach remain unclear, and the extent of the incident is still being assessed.
TechCrunch reached out for clarification and received confirmation from Polymarket spokesperson Connor Brandi that the breach indeed resulted in the theft of user funds but did not provide further information or specifics regarding the circumstances of the breach.
In tandem with Polymarket’s announcement, blockchain monitoring firm PeckShield reported on X that a phishing campaign was specifically targeting Polymarket users, with estimates suggesting hackers may have stolen around $3 million in cryptocurrency. A blockchain analyst supported this claim, indicating that more than 11 victims had reported losses as a result of the attack.
Polymarket is known for its service that allows users to be paid in cryptocurrency, which heightens the stakes in terms of user security and trust. In recent days, some users have taken to social media to allege that they, too, had their funds stolen from their Polymarket accounts.
This hacking incident comes at a tumultuous time for Polymarket, which has recently been under scrutiny for unrelated issues. An investigation revealed that the company allegedly paid online creators to produce misleading videos suggesting that they had won significant bets, which were later found to be fabricated. In response to the allegations, Polymarket announced plans to audit its promotional content, aiming to restore trust and credibility among its user base.
