Polymarket, the decentralized prediction market that became a household name during the 2024 US election cycle, confirmed that a security breach on June 25 drained approximately $3.1 million in user funds. The platform has committed to making every affected user whole through full refunds.
The attack targeted Polymarket’s frontend through a compromised third-party vendor, meaning the platform’s core smart contracts were never actually breached. Between 11 and 15 wallets were impacted, with the stolen funds consisting primarily of pUSD, Polymarket’s USDC-backed stablecoin.
A supply-chain problem, not a protocol problem
Polymarket moved quickly to remove the affected dependency from its system and began contacting impacted users. On-chain analysts from PeckShield, SpecterAnalyst, and GoPlus Security tracked the stolen pUSD as it was swapped for ETH and consolidated into fewer wallets.
The company has emphasized that its underlying protocols remain secure.
