TL;DR:
A compromised third-party provider was the entry vector that allowed attackers to inject a malicious script into the frontend of Polymarket, the decentralized prediction markets platform. Blockchain analyst Specter identified the attack as a phishing scheme that resulted in the theft of approximately $2.94 million from at least 11 user wallets.
The platform communicated through X that the attack was contained and the affected dependency was removed. It also confirmed that all impacted users will be fully reimbursed.
It appears there may be a phishing attack targeting Polymarket users, with estimated losses of $2.94M so far.
The attacker has drained funds from 11+ victim wallets holding PUSD, swapped the stolen assets for ETH, and consolidated the proceeds into the following address:…
— Specter (@SpecterAnalyst) June 25, 2026
According to data from DefiLlama, the Polymarket incident was the 89th recorded in the second quarter of 2026, making this period the quarter with the highest number of reported incidents in the sector's history. In June alone, losses from exploits reached $74.9 million across 29 reported incidents, surpassing the $60.5 million of May, though well below the $644 million recorded in April.
This morning we discovered a 3rd party vendor had been compromised, injecting a malicious script into our frontend for some users. We've contained it & removed the affected dependency. We're contacting impacted users & refunding them in full.
— Polymarket Traders (@PolymarketTrade) June 25, 2026
Among the most notable cases of the month are the Humanity Protocol exploit for $36 million, the attack on the Secret Network bridge for $4.7 million, two separate exploits on Aztec valued at $2.1 million each, and an attack on the Taiko bridge for $1.7 million. Over the last 30 days, private key leaks accounted for 43% of total losses, consolidating their position as the dominant attack vector.
This is not the first security incident Polymarket has faced. Approximately one month ago, the platform disclosed that it had fallen victim to a $600,000 exploit attributed to a six-year-old private key used in internal operations. Josh Stevens, vice president of engineering at the company, stated at the time that contracts and user funds remained safe and that all permissions associated with that key had been revoked.

Despite the incidents, Polymarket holds more than $450 million in total value locked, representing a growth of 301% compared to the $112 million recorded a year ago, according to DefiLlama.