350/69 Monday, June 29, 2026
Polymarket disclosed that it will fully compensate affected users after a supply chain attack caused customers to lose a total of approximately USD 3 million. The incident occurred after attackers injected malicious JavaScript into the website’s frontend through a third-party provider associated with the website’s dependency. However, Polymarket stated that its core servers and backend systems were not affected by the incident.
Polymarket is a cryptocurrency-based prediction market platform that allows users to trade contracts representing predictions on the outcomes of various events, such as sports, economic indicators, weather, awards, political results, laws, and military conflicts. During the attack, users who visited Polymarket’s official website were tricked into approving fraudulent transactions after the malicious script was injected through the frontend provider. As a result, some users’ funds were stolen.
Although Polymarket has not yet disclosed the technical details of the incident, blockchain intelligence firms estimated the damage at approximately USD 3 million and said that only a small number of user accounts were affected. PeckShield stated that the incident resembled a phishing campaign that stole approximately USD 3 million worth of ParyonUSD before the attackers bridged the funds from Polygon to Ethereum and swapped them for approximately 1,893 ETH. Meanwhile, Bubblemaps stated that the incident affected fewer than 15 user accounts and published partial information about the affected accounts and wallets holding the stolen funds.