Polymarket to refund users after cyberattack drains about $3 million in crypto

Prediction market platform Polymarket is refunding affected customers after a cyberattack reportedly led to the theft of about $3 million in cryptocurrency from a small number of users.

The incident is believed to have stemmed from a compromised third party vendor dependency that allowed attackers to inject malicious code into parts of Polymarket’s front end. The malicious script was reportedly served to some users, creating an opportunity for attackers to interfere with customer activity and steal funds.

Polymarket said it had identified the issue, contained the breach and removed the affected dependency. The company also confirmed that impacted users would be reimbursed in full.

Blockchain security firm PeckShield estimated that roughly $3 million was stolen from around 11 users. Polymarket has not publicly named the vendor involved or identified the specific dependency that was compromised.

The attack has drawn sharp criticism from parts of the crypto community, where users questioned how malicious code was able to reach the platform’s front end. Some online commentators also pointed to previous public remarks by the company that they interpreted as provoking hackers, although there is no evidence those comments were connected to the breach.

One affected user speculated that the incident may have involved infrastructure linked to Xorek Cloud’s VPS services, but that claim has not been verified. At this stage, the confirmed details remain limited to Polymarket’s acknowledgement of a compromised third party component, the removal of the affected dependency and its plan to make victims whole.

The breach highlights a growing risk for crypto platforms and other online financial services. Even when core systems remain intact, attackers can exploit weaknesses in software dependencies, vendors and front end delivery chains to reach users directly. These attacks can be difficult to detect because they may appear to come through trusted websites or applications.

For prediction markets, exchanges and other crypto related businesses, the incident is a reminder that security cannot stop at smart contracts, wallets or internal infrastructure. Vendor management, dependency monitoring, code integrity checks and user behaviour analytics all play a role in reducing exposure.

It is also a warning for everyday users. Crypto theft often moves quickly, and attacks can exploit trust in familiar platforms. Users should be cautious when approving transactions, review wallet permissions regularly and avoid assuming that a known website is automatically safe in every session.

As cybercriminals continue to target trusted platforms and software supply chains, organisations need staff who can recognise risks before they become costly incidents.

To strengthen your organisation’s defences, encourage your team to take The Hack Academy’s online cybersecurity training programme. Its practical training helps employees spot threats, understand modern attack methods and build safer habits before attackers find the gaps.

Photo Credit: DepositPhotos.com