Polymarket Hack: How Third-Party Vendors Risk Your Crypto

What We Know: The Basics of the Breach

Polymarket, one of the largest prediction market platforms in the crypto space, confirmed on X that hackers stole funds from users after attackers compromised a third-party vendor. The breach allowed the attackers to inject malicious code directly into Polymarket's website, though the company specified the code ran "for some users" — a detail that raises immediate questions about whether the attack was deliberately targeted or only partially executed before detection.

Polymarket spokesperson Connor Brandi confirmed to TechCrunch that the vendor compromise resulted in direct theft of user funds. Beyond that confirmation, the company declined to answer specific questions about the incident, leaving the scale of the financial damage, the identity of the compromised vendor, and the exact mechanism of the malicious code injection all officially unaddressed.

The platform says it has contained the breach and is reaching out directly to affected users, committing to full refunds. No figure for total stolen funds has been disclosed.

Blockchain monitoring firm PeckShield flagged suspicious activity around the same time Polymarket made its public announcement, adding an independent layer of confirmation that something significant moved on-chain during the incident window.