Polymarket Hack Losses Climb to $3.1 Million

What to Know

• Polymarket’s latest security incident has been updated to about $3.1 million in losses.
• Blockchain intelligence firm AMLBot said the attackers drained PUSD from 11 user wallets.
• The stolen funds were moved from Polygon to Ethereum, adding complexity to the recovery effort.
• Polymarket said a compromised third-party vendor injected a malicious script into its frontend.
• The platform said it has removed the dependency tied to the incident.
• Polymarket pledged full refunds to affected PUSD holders.
• The hack comes during a period of heightened scrutiny and follow-up security concerns around the prediction market platform.
• Recent reports have also linked Polymarket to a federal investigation over allegedly deceptive social media promotions.

Loss Estimate Rises After On-Chain Review

Polymarket’s latest security setback has been re-estimated at roughly $3.1 million after blockchain analysts tracked the movement of stolen PUSD across networks. According to AMLBot, the attackers targeted 11 user wallets before shifting the assets from Polygon to Ethereum, a move that can make tracing and recovery more difficult.

The updated figure underscores how quickly damage assessments can change once investigators review on-chain activity in detail. In crypto incidents, initial reports often capture only a portion of the total impact, especially when attackers use cross-chain transfers to obscure the trail of funds.

Polymarket Points to a Third-Party Vendor

In its public explanation, Polymarket said the incident was triggered when a compromised third-party vendor injected a malicious script into the platform’s frontend. The company said it removed the dependency associated with the attack, signaling an effort to close the entry point used by the hackers.

That detail matters because frontend compromises can affect users without requiring a direct breach of the platform’s core wallet infrastructure. When malicious code is inserted into a website or application interface, users may sign transactions that appear normal while the underlying instructions have been altered.

For a prediction market platform, trust in the user interface is just as important as trust in custody and settlement systems. Even a brief exposure to malicious code can create losses, trigger panic, and force the company into emergency response mode.

Refund Pledge Seeks to Limit User Damage

Polymarket has pledged to fully refund affected PUSD holders, a move that may help reduce immediate customer fallout. Refund commitments are often critical in crypto security incidents because users typically expect rapid clarity on who bears the loss and how reimbursement will be handled.

The promise of repayment may also be aimed at preserving confidence among traders who rely on the platform for event-based markets. In a sector where liquidity and participation depend heavily on perceived safety, the speed and transparency of the response can be nearly as important as the technical fix.

Still, a refund pledge does not erase the reputational damage that follows a major exploit. Users are likely to watch closely for details on eligibility, timing, and whether the reimbursement process will be automatic or require claims submissions.

A Fresh Blow Amid Mounting Scrutiny

The phishing attack arrives after a series of recent security incidents involving Polymarket, adding to concerns about the platform’s operational resilience. Each new incident raises questions about vendor oversight, interface security, and how rigorously the company is vetting external dependencies.

The timing is especially sensitive because news reports have also said Polymarket is under federal investigation over allegedly deceptive social media promotions. While the investigation and the hack are separate issues, together they create a more difficult backdrop for the company as it tries to reassure users and regulators.

Prediction markets have benefited from rising mainstream interest, but they are also being held to a higher standard as users place real value on platform integrity. Repeated incidents can quickly shift the narrative from growth to governance, especially when losses are measured in millions rather than thousands.

Why Cross-Chain Theft Complicates Recovery

When stolen funds move from one blockchain to another, investigators must follow a more complicated trail through multiple ecosystems. In this case, the transfer from Polygon to Ethereum adds an extra layer of difficulty because assets can be swapped, routed, or fragmented once they land on a new chain.

That kind of movement also increases pressure on exchanges and analytics firms to flag suspicious addresses quickly. The sooner a suspicious path is identified, the more likely it is that some portion of the assets can be monitored or frozen if they reach a centralized venue.

For users, the lesson is clear: even platforms with strong brand recognition can be vulnerable to attacks that begin outside the core protocol. Third-party risk remains one of the most underestimated weak spots in crypto infrastructure.

What Users Should Watch Next

The next major questions are whether Polymarket can contain the fallout, how it will execute refunds, and whether investigators can identify the actors behind the exploit. Users will also be looking for a more detailed postmortem that explains how the malicious script was introduced and what controls failed.

Beyond the immediate incident, traders may want to know what new safeguards will be implemented to reduce the chance of another frontend compromise. Clear communication, independent security reviews, and tighter vendor controls will likely be central to any recovery effort.

For now, the updated $3.1 million estimate makes the incident one of the more notable recent crypto security events tied to a consumer-facing trading platform. The combination of loss, user refunds, and regulatory pressure ensures the story is likely to remain in focus as Polymarket works to stabilize confidence.

Frequently Asked Questions (FAQs)

How much was stolen from Polymarket?

AMLBot said about $3.1 million in PUSD was stolen from 11 user wallets.

Which networks were involved in the transfer?

The stolen funds were moved from Polygon to Ethereum, according to blockchain tracking.

What caused the attack?

Polymarket said a compromised third-party vendor injected a malicious script into its frontend.

Did Polymarket remove the vulnerable component?

Yes. The platform said it removed the dependency linked to the incident.

Will affected users be repaid?

Polymarket said it will fully refund affected PUSD holders.

Was this the only recent security issue for Polymarket?

No. The attack comes amid a series of recent security incidents affecting the platform.

Is Polymarket facing regulatory attention?

News reports have said the platform is under federal investigation over allegedly deceptive social media promotions.

Why does a cross-chain transfer matter?

Moving stolen assets between blockchains can make tracing, freezing, and recovery more difficult.

What should users look for next?

Users should watch for refund timelines, a security postmortem, and any new safeguards against vendor-related attacks.

Photo by Erik Mclean on Pexels