Polymarket Phishing Attack Reaches $3.1 Million — Platform Vows Full Refunds to Affected Users

CryptoSearcher · #Crypto

A cyberattack targeting the decentralized prediction platform Polymarket has turned out to be significantly larger than initially reported. According to blockchain intelligence firm AMLBot, hackers successfully drained approximately $3.1 million worth of PUSD tokens — Polymarket's native collateral and settlement token — from 11 separate user wallets. The updated figure was shared on X over the weekend, days after the platform first acknowledged the incident and committed to compensating affected users in full.

AMLBot confirmed that the stolen assets were originally held on the Polygon blockchain before being quickly bridged over to Ethereum. The firm stated that it is continuing to monitor activity across Polymarket-linked accounts as part of its ongoing investigation into the breach.

Polymarket addressed the incident publicly, explaining that the attack stemmed from a compromised third-party vendor. According to the platform, the vendor had injected a malicious script directly into Polymarket's frontend interface, which affected a portion of its user base. "We've contained it and removed the affected dependency. We're contacting impacted users and refunding them in full," the company stated in a post on X. Despite these assurances, Polymarket had not responded to media inquiries as of Saturday morning.

Blockchain security firm PeckShield was among the first to flag the phishing campaign on Thursday, noting that the attacker — or group of attackers — had bridged stolen funds initially estimated at around 1,893 ETH. Separately, Specter Analyst, another blockchain intelligence provider, estimated total losses at approximately $2.94 million at the time of its initial report — a figure that has since been revised upward.

At least one victim publicly shared their experience. A user identified as Ash posted on X that their wallet had been compromised, saying they had no idea why it had happened. Ash also published both their own wallet address and the attacker's address, providing additional data points for investigators tracking the stolen funds.

This incident is not an isolated event for Polymarket. The platform has faced a string of security issues in recent months. Back in March, prominent blockchain investigator ZachXBT flagged a suspected breach involving two smart contracts on the Polygon network, with reports suggesting over $520,000 had been drained — though Polymarket subsequently claimed the funds were safe. Prior to that, in December, the platform confirmed a security incident via its Discord server after users reported missing funds and unauthorized login activity. That breach was attributed to an unidentified third-party login provider.

The latest attack is unfolding against a broader backdrop of legal and regulatory scrutiny. According to recent reports, Polymarket is under federal investigation in connection with allegedly deceptive social media marketing practices. A Wall Street Journal article had previously raised concerns about promotional content featuring users boasting about their winnings on the platform — an issue that has reportedly drawn the attention of federal authorities.

As Polymarket works to process refunds and shore up its security infrastructure, the series of incidents raises pressing questions about the platform's resilience and the risks faced by users of decentralized prediction markets more broadly.
