Polymarket was hit by a nearly $3 million hack after attackers compromised a third-party vendor and injected malicious code into parts of the prediction market platform’s frontend, exposing some users to wallet-draining transactions.
In a post on X, Polymarket said the incident stemmed from a breached outside vendor that allowed a malicious script to appear on its website for some users. The company said it had contained the issue, removed the affected dependency and begun contacting impacted users, adding that those affected would be reimbursed in full.
The disclosure points to a frontend compromise rather than a publicly identified exploit of Polymarket’s underlying market contracts. Still, the attack shows how crypto users can be exposed through the interfaces they rely on to approve transactions, even when the core protocol itself is not reported to have failed.
Wallet trail points to coordinated drain
On-chain investigators said the attack appeared to be a phishing-style wallet drain carried out through Polymarket’s compromised frontend.
Security analyst Specter estimated the stolen funds at about $2.94 million, saying more than 11 wallets holding PUSD were drained before the assets were swapped into ETH and consolidated into a single address.
Bubblemaps, the blockchain analytics firm, also placed the damage near $3 million, saying the attacker drained funds from fewer than 15 wallets after the compromised frontend exposed users to malicious transactions.
Two breaches, distinct attack methods
The latest breach marks Polymarket’s second reported security incident in just over a month, showing how quickly security risks can shift between internal infrastructure and user-facing tools in crypto markets.
In May, on-chain investigator ZachXBT flagged an earlier exploit involving about $520,000 on Polygon. The incident was later linked to a compromised private key connected to Polymarket’s internal operations and rewards infrastructure, while Polymarket developers said at the time that user funds were safe and market resolutions were not affected.
Polymarket hack follows May’s $68M crypto losses
Prediction market hacks are a fraction of the wider crypto theft landscape, with recent industry data showing that losses across the sector remain heavily concentrated in broader exploit, wallet and bridge attacks.
According to CertiK, crypto losses from hacks and exploits fell to about $68.3 million in May 2026, down nearly 90% from roughly $650 million in April.
CertiK also said bridge-related incidents had already caused more than $328 million in losses so far in 2026, while wallet compromises had become the largest attack vector by value.
Seen against the wider industry data, Polymarket’s reported incidents stand out within the prediction market sector, but represent only a small part of the broader wave of crypto theft hitting wallets, bridges and trading platforms.
