Polymarket Hack: User Losses Estimated at Nearly $3 Million
The incident affected only a limited number of users, while the platform’s smart contracts remained uncompromised.
26.06.2026 - 11:35
Key points:
- Polymarket lost nearly $3 million after attackers compromised a third-party dependency and injected malicious code into the platform’s web interface.
- Preliminary estimates suggest the attack affected between 11 and 15 users, while the protocol’s smart contracts and core infrastructure remained secure.
Polymarket, the decentralized prediction market platform, has disclosed a security incident that resulted in approximately $3 million in user losses. According to the team, the attack originated from a compromised third-party provider that allowed malicious code to be injected into the platform’s frontend.
The company said the exploit has been fully contained, the compromised dependency has been removed, and all affected users will be fully reimbursed.
Initial estimates indicate that 11 to 15 wallets were impacted. The attackers primarily targeted pUSD, the platform’s dollar-denominated asset.
Attack Targeted the Frontend, Not Smart Contracts
Blockchain security researchers found that the stolen funds were first moved through the Polygon network before being bridged to Ethereum and swapped for ETH. According to PeckShield, roughly 1,893 ETH was consolidated into one of the attacker’s wallets.
Importantly, Polymarket’s smart contracts were not compromised. Instead, the attackers targeted the platform’s web interface. The injected malicious code could manipulate wallet interactions and trick users into approving fraudulent transactions.
While Polymarket has pledged to fully reimburse affected users, it has not yet disclosed which third-party provider was compromised, how long the malicious code remained on the website, or what additional security measures will be implemented following the incident.
Security experts say the attack serves as another reminder that protecting crypto platforms requires more than secure smart contracts. Frontend security, third-party dependencies, and the broader infrastructure users rely on are equally critical to safeguarding digital assets.