markets

Polymarket Suffers $2.9M Hack, Promises Full Refunds

A malicious script hit Polymarket's frontend, draining $2.9M from users. The platform says it's contained and refunds are coming.

Polymarket just got hit hard. Attackers managed to inject a malicious script directly into the prediction market platform's frontend, pulling off a $2.9 million theft that rattled the crypto betting community. If you had funds on the platform, this one stings.

The good news — and it's actually good — Polymarket moved fast. The team says it identified the compromised dependency, ripped it out, and contained the breach before it could spread further. That's the kind of rapid response that at least shows someone's watching the dashboard.

Read more BoE's Mann: Fewer Rate Hike Bets Are Why She'd Hike More →

Here's what matters most to you as a user: Polymarket has committed to making affected users whole. Full refunds are on the table, which is a meaningful pledge in a space where hacked platforms often go dark or drag their feet. Keep an eye on your wallet and any official communication from the team.

Frontend supply-chain attacks are a growing headache across Web3. When a malicious actor poisons a dependency — a third-party package your app leans on — every user who loads the site becomes a potential target. It's sneaky, it's effective, and it's why smart money always double-checks URLs and limits approvals. This Polymarket incident is a fresh reminder that even legit, well-known platforms carry this risk.

Bottom line: the hole is patched, refunds are promised, and Polymarket is still operational. Whether you trust the platform enough to stay is your call — but at least they're not ghosting you. Continue reading at Cointelegraph.

Continue reading at Cointelegraph →

Frequently Asked Questions

Q.How much was stolen in the Polymarket hack?

Attackers drained approximately $2.9 million from Polymarket users by injecting a malicious script into the platform's frontend.

Q.Will Polymarket refund users affected by the hack?

Yes, Polymarket has stated that affected users will be refunded following the $2.9 million theft.

Q.How did the Polymarket attack happen?

Attackers injected a malicious script into Polymarket's frontend via a compromised dependency. The platform identified and removed the affected package to contain the breach.

More in markets →