AI 摘要
Polymarket to Refund Users After Scammers Swipe Millions in Website Exploit One of Polymarket’s third-party vendors suffered a hack Thursday, the prediction market said, leaving its website vulnerable to an exploit th...
风险提示
这条新闻可能带来较大波动,建议先核对原文和后续公告。
所属事件
Polymarket to Refund Users After Scammers Swipe Millions in Website Exploit - Decrypt
Polymarket to Refund Users After Scammers Swipe Millions in Website Exploit One of Polymarket’s third-party vendors suffered a hack Thursday, the prediction market said, leaving its website vulnerable to an exploit th...
Polymarket to Refund Users After Scammers Swipe Millions in Website Exploit
One of Polymarket’s third-party vendors suffered a hack Thursday, the prediction market said, leaving its website vulnerable to an exploit that analysts said led to millions of dollars lost for users of the platform.
Polymarket declined comment when reached by Decrypt , and did not say publicly which of its vendors was compromised. But the attack allowed hackers to inject malicious code into the prediction market’s front-end, the company said in an X post .
Ultimately, the hackers stole some $3 million worth of customer funds.
On-chain sleuths at Bubblemaps concluded that potential damage from the hack was largely contained, with less than 15 user accounts affected. The blockchain investigations firm did not immediately respond to Decrypt ’s request for comment.
Some Polymarket accounts affected:
0x349606c1b77F3Ba668879CbC9347f15a44cF8fc4 0xFB84a9d631A3a19204B82c78dFeb90b220255fB5 0x4aeC70021891EA712AAf3e2dD76c30f6b09A4ce9 0x987B441a20Dd4AA4bA6d53069E852E7f820adF43 0x2d7BE5170a8026c18709EAEa1027c7f12E8Ce2Ce…
— Bubblemaps (@bubblemaps) June 25, 2026
Polymarket said it is in the process of refunding impacted customers in full, and that the frontend issue has been contained and removed.
It is as of yet unclear what steps the prediction market platform can take to prevent such an exploit from happening in the future, given that it relies on some external, third-party businesses that are apparently directly involved in the site’s operation.
The attackers appear to have drained funds from Polymarket customer wallets containing pUSD, a Polymarket-specific dollar-pegged stablecoin backed by USDC , that is used to facilitate all trading on the platform. They then converted the stolen funds into ETH, and compiled them into an Ethereum wallet , where, as of writing, they remain.
Last month, Polymarket suffered another hack , of a wallet used by company employees to top up and pay out user rewards. The exploit lost the company roughly $700,000, and was likely caused by a private key compromise. It did not appear to impact the company’s infrastructure or pose broader risks, experts said at the time.
Both that exploit and today’s, however, point to the ability of hackers to infiltrate major companies on the margins, even when core protocols remain secure.
Your gateway into the world of Web3
The latest news, articles, and resources, sent to your inbox weekly.
© A next-generation media company. 2026 Decrypt Media, Inc.
新闻图片
