- The Polymarket prediction platform was hacked via a compromised third-party vendor dependency, injecting malicious scripts into its frontend
- About $3M in crypto stolen from ~11 users, according to PeckShield; Polymarket fully refunds victims while removing the affected dependency
- Community reactions on X were critical, with some blaming Polymarket's earlier "mocking" of hackers; one victim speculated that the breach may have involved Xorek Cloud's VPS
Polymarket, a prediction platform where people trade on the probabilities of various real-world events, was hacked and reportedly lost around $3 million in user funds. The company is now fully refunding the victims.
In a brief post published on X earlier this week, Polymarket confirmed the news and said it discovered that a third-party vendor had been compromised. Through this compromise, the attackers injected a malicious script “into our frontend for some users.”
Polymarket said it has since contained the incident and removed the affected dependency, but it did not say which dependency it was or which third-party vendor was compromised. It also said it is contacting affected users and refunding them in full, but did not say how many people were affected or how much money was involved.
Context-dependent vulnerabilities
"This morning we discovered that a third-party vendor had been compromised, injecting a malicious script into our frontend for some users. We have contained it and removed the affected dependency. We will contact affected users and refund them in full."
25 June 2026
In its article, TechCrunch cited blockchain monitoring firm PeckShield, which claims that around $3 million in cryptocurrency was stolen during the attack. The publication also reported that around 11 people were affected. Polymarket allows its users to be paid in crypto.
X users who left comments on Polymarket’s announcement seem completely unsurprised by the breach. “I spent weeks telling you this and you ignored it,” one person said. “Next time I find a vulnerability, I will sell it to criminal gangs.” Three users suggested that Polymarket deserved what had happened for “taunting hackers” earlier. One made a sly joke and said, “How did you not foresee this?”
Polymarket did not say which third-party vendor was compromised, but one of the users who lost money in this attack speculates that it happened through Xorek Cloud’s VPS:
“I recently purchased a VPS from Xorek Cloud and stored my private key on it,” they said on X. “I’m not sure how the compromise happened, but that’s the only possible security risk I can think of.”
Via TechCrunch




