A major breach at Polymarket has allowed hackers to steal crypto from user wallets, the company confirmed on Thursday.
The extent of the hack is unclear, but Polymarket has promised to refund all impacted users. As spotted by Gizmodo, independent analysts on X estimate the losses to be in the millions.
“This morning we discovered a 3rd party vendor had been compromised, injecting a malicious script into our frontend for some users,” Polymarket said in an X post. “We’ve contained it & removed the affected dependency. We’re contacting impacted users & refunding them in full.”
On X, on-chain investigator @SpecterAnalyst suggested that a phishing attack targeted Polymarket users, “with estimated losses of $2.94M so far” from 11+ victim wallets holding Polymarket’s PUSD stablecoin. The scammers then swapped the stolen PUSD for Ethereum.
In response to that tweet, Polymarket’s head of growth, William LeGate, said, “We’ve resolved the issue & are refunding affected users in full.”
Polymarket is a cryptocurrency-based prediction platform where users can bet on the probability of future events across sports, politics, pop culture, and other topics. News about the security breach arrives days after the platform was accused of paying creators to publish videos featuring fake bets and winnings. Following The Wall Street Journal‘s investigation, the platform said it would audit its existing promotional content.
Kalshi is the other big player in the prediction markets, and its co-founder, Luana Lopes Lara, said earlier this month that these markets could eventually grow bigger than the stock exchange. Given the trend, it’s no surprise Meta reportedly wants a prediction platform of its own.
PCMag and Yahoo may earn commission from links in this article.
