Polymarket Security Breach: Hackers Steal $3M via Third-Party Vendor


How the Polymarket Security Breach Happened Through a Vendor Attack

Prediction market platform Polymarket confirmed on June 25, 2026, that hackers stole approximately $3 million in user assets after malicious code was injected into its website frontend through a breached third-party vendor. Fewer than 15 accounts were affected. The vulnerability has been fixed, and Polymarket says all impacted users will be fully reimbursed.

How the Attack Unfolded

One of Polymarket's external vendors was compromised, giving attackers a way in. The hackers used that access to inject malicious code directly into Polymarket's website frontend, a method known as a supply-chain attack. Because the code ran on the live site, users interacting with the platform were exposed without any warning.

Polymarket disclosed the breach via a post on its X account. The company did not name the compromised vendor and declined to comment further when contacted by Decrypt.


On-chain analysis confirmed the damage. The stolen funds were primarily made up of Polymarket's pUSD stablecoin. The hackers then swapped the pUSD for ETH — a standard move to reduce traceability before disappearing.

Who Got Hit

Fewer than 15 user accounts were directly affected, according to on-chain data. Despite the small number, the total loss reached roughly $3 million, suggesting the attackers targeted wallets holding significant balances.

Polymarket has confirmed the exploit is patched and that every affected user will receive full reimbursement. No permanent financial loss is expected for any impacted account.

The Bigger Problem: Two Breaches in Under Two Months

This is not Polymarket's first security incident this year. In May 2026, the platform suffered a separate attack in which over $520,000 (with some reports citing closer to $700,000) was drained from internal operations wallets connected to rewards payouts on Polygon. That breach targeted employee-side wallets rather than user funds directly.

Two incidents in under two months is a pattern that demands attention. It raises real questions about how rigorously Polymarket vets its third-party vendors, how quickly it detects frontend tampering, and whether its current security infrastructure is built for the scale it now operates at.

Why Supply-Chain Attacks Are So Dangerous

Supply-chain attacks are difficult to defend against because they bypass a platform's own systems entirely. The attacker does not need to break into Polymarket; they only need to break into someone Polymarket trusts. Once malicious code is running on the frontend, it is indistinguishable from legitimate code to most users.

For a prediction market handling real-money positions, even a short window of exposure can result in significant losses. In this case, the speed with which stolen pUSD was converted to ETH suggests the attackers had a pre-planned exit strategy ready to execute.

What to Watch Next

The incidents are unlikely to go unnoticed by regulators or the broader crypto community. A few things worth watching in the weeks ahead:

  • Security audits: Community pressure for a transparent, independent audit of Polymarket's vendor relationships and frontend infrastructure will likely grow.

  • Platform monitoring: Real-time frontend integrity checks are not yet standard across Web3 platforms. This breach may accelerate adoption.

  • User confidence: Post-breach trading volume will be the clearest signal of how much trust the platform retains.
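To make the "frontend integrity checks" item above concrete, here is an added example (not from the article, and not Polymarket's code) of a monitor that compares the scripts a page loads against a release manifest of Subresource Integrity digests. The origins, file bodies and manifest are constructed sample data, the function names are hypothetical, and the manifest is assumed to be produced at build time.

```javascript
// Added example: frontend integrity audit against a release manifest.
// All URLs, script bodies and manifest entries below are constructed samples.
const { createHash } = require("node:crypto");

// SRI-style digest: "sha384-" + base64(SHA-384(body)).
const sri = (body) =>
  "sha384-" + createHash("sha384").update(body).digest("base64");

// Extract <script src=...> tags and their integrity attribute, if any.
// A regex keeps the sketch short; a real monitor should use an HTML parser.
function scriptTags(html) {
  const tags = [];
  for (const [tag] of html.matchAll(/<script\b[^>]*>/gi)) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(tag);
    if (!src) continue; // inline scripts are out of scope here
    const integ = /\bintegrity\s*=\s*["']([^"']+)["']/i.exec(tag);
    tags.push({ src: src[1], integrity: integ ? integ[1] : null });
  }
  return tags;
}

// `manifest` maps absolute URL -> expected digest (assumed built at release).
// `served` maps absolute URL -> body as fetched by the monitor just now.
function auditFrontend(html, manifest, served, siteOrigin) {
  const findings = [];
  for (const { src, integrity } of scriptTags(html)) {
    const url = new URL(src, siteOrigin);
    const expected = manifest[url.href];
    if (!expected) { findings.push({ url: url.href, issue: "not-in-manifest" }); continue; }
    // Third-party scripts must be pinned so the browser refuses altered files.
    if (url.origin !== siteOrigin && integrity !== expected)
      findings.push({ url: url.href, issue: "missing-or-wrong-sri" });
    // Independent check: what is being served right now vs. what was released.
    if (url.href in served && sri(served[url.href]) !== expected)
      findings.push({ url: url.href, issue: "content-changed" });
  }
  return findings;
}

// Constructed scenario: the vendor file was altered and an unknown script added.
const ORIGIN = "https://app.example", VENDOR = "https://cdn.vendor.example/widget.js";
const MANIFEST = { [ORIGIN + "/main.js"]: sri("app()"), [VENDOR]: sri("widget()") };
const HTML = `<script src="/main.js"></script><script src="${VENDOR}"></script>` +
  `<script src="https://cdn.other.example/x.js"></script>`;
const SERVED = { [ORIGIN + "/main.js"]: "app()", [VENDOR]: "widget();/* injected */" };
const FINDINGS = auditFrontend(HTML, MANIFEST, SERVED, ORIGIN);
console.log(FINDINGS);
```

Pinning vendor scripts with an `integrity` attribute lets the browser block a modified file, while the content comparison catches changes to assets that are not pinned.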

Conclusion

Polymarket's June 25 breach is a direct result of a compromised vendor, not a flaw in the blockchain itself. With fewer than 15 accounts hit and full reimbursements promised, the immediate damage is limited. But two security incidents in under two months tell a larger story about the risks that come with relying on external infrastructure. How Polymarket responds from here will matter far more than the breach itself.

Disclaimer

This article is based on publicly available information and on-chain data as reported at the time of publication. It does not constitute financial or investment advice. Always conduct your own research before engaging with any crypto platform.

Dishika Ahuja


English News Writer at coingabbar.com
