Tech

Polymarket to refund users after third-party hack steals $3 million

Published Jun 25, 2026 Updated 4h ago

Polymarket said it is refunding users after hackers stole roughly $3 million by injecting a malicious script into the platform's frontend through a compromised third-party vendor. The supply-chain attack, disclosed Thursday, targeted the vendor integration rather than Polymarket's core smart contracts. The platform contained the compromise and removed the affected dependency. The incident follows a separate breach disclosed in April 2026, intensifying scrutiny of Polymarket's security infrastructure as trading volumes grow. The platform did not specify which vendor was compromised or the exact number of affected users.

Why this matters?

Polymarket's second frontend breach in two months forces the platform to absorb user losses while rival operators watch whether traders migrate on security fears. Any sustained outflow would hand market share directly to Kalshi and other regulated venues at a moment when Meta's Arena looms.

In this story

Polymarket

Add Prediction News as a preferred source on Google Get our prediction-market coverage prioritized in your search results

Polymarket to refund users after third-party hack steals $3 million

Prediction markets, resolved by noon ET.

Related Stories

Kalshi CEO confirms IPO consideration but rules out 2026 listing

Kalshi in talks to raise at $40 billion valuation, nearly double May mark

CFTC sues Kentucky as ninth state in prediction market preemption fight

CFTC proposes rules broadly permitting sports event contracts on prediction markets

Trump Jr. received $300,000 equity stake in Kalshi

Polymarket annualized revenue tops $1 billion six weeks after U.S. exchange launch