Polymarket Says ‘Contained And Removed’ Malicious Bug After Third-Party Vendor Was Hacked; Will Refund Impacted Users In Full As On-Chain Sleuth Estimates $3 Million Drain

by | Jun 26, 2026 | General

Polymarket said it successfully contained a security breach after discovering a third-party vendor had been compromised on Thursday morning.

Polymarket Refunding ‘Users In Full’

Polymarket Traders, an X handle with an official Polymarket Traders badge, first disclosed that the breach injected a “malicious script” into the frontend for some users.

“We’ve contained it & removed the affected dependency. We’re contacting impacted users & refunding them in full,” Polymarket Traders said.

Polymarket’s Growth Lead, William LeGate, confirmed the hack and the refund process. Benzinga reached out to Polymarket for more details on the breach.

On-Chain Sleuths Point To Millions In Theft

Blockchain analytics platform Bubblemaps said that the attacker drained nearly $3 million from under 15 wallets, although the damage has been “largely contained.”

“Great response by Polymarket,” the on-chain sleuth added.

Specter, another on-chain investigator, stated that the victim wallets held PUSD, a collateral token backed by USDC (CRYPTO: USDC) used for all trading on Polymarket.

The stolen assets were then swapped for Ethereum (CRYPTO: ETH) and consolidated into a single address.


Read Also:

Kalshi Eyes $40 Billion Valuation, Nearly Doubling Since May As Polymarket Falls Further Behind

Polymarket On Hackers’ Radar?

The latest security breach comes barely a month after Polymarket revealed that the wallet its employees used to top up accounts and pay user rewards had been hacked. On-chain analysts estimate the exploit at close to $700,000.


Read Also:

Mark Zuckerberg Plans To Take On Polymarket, Kalshi With ‘Arena’ Prediction Markets App

Photo: PJ McDonnell / Shutterstock