Polymarket hack updated to $3.1 million days after the platform promised users full refunds

Blockchain intelligence firm AMLBot updated on X Saturday the amount hackers stole from 11 user wallet accounts on Polymarket to roughly $3.1 million in the prediction markets token PUSD.

It said the assets were stolen from Polygon and immediately bridged to Ethereum and that it continues to monitor Polymarket accounts.

Polymarket did not respond to a CoinDesk request for comment as of US morning hours on Saturday.

Immediately after the attack was made public, Polymarket pledged full refunds to victims holding its native collateral and settlement token PUSD used for all trading on the decentralized prediction platform.

"This morning we discovered a third party vendor had been compromised, injecting a malicious script into our frontend for some users," Polymarket said Thursday on X. "We've contained it and removed the affected dependency. We're contacting impacted users and refunding them in full."

Blockchain security firm PeckShield reported via X on Thursday that hackers had deployed a phishing campaign targeting Polymarket users. It said the attacker or attackers had bridged the stolen funds initially estimated at roughly 1,893 ETH.

On Thursday as well, Specter Analyst, another blockchain intelligence platform, said on Thursday that “It appears there may be a phishing attack targeting Polymarket users, with estimated losses of $2.94M so far.”

One of the victims of the hack, Ash, on X wrote that his wallet had been hacked and had no idea why at the time. Ash also shared his and the attacker’s wallet addresses.

Polymarket has suffered other security breaches recently. In March, blockchain investigator ZachXBT highlighted a suspected security breach. He said over $520,000 was reportedly drained from two smart contracts on the Polygon blockchain. Polymarket then said the funds were safe.

In December, the platform confirmed a security incident on its Discord channel after users reported missing funds and suspicious login attempts. It blamed an unidentified third-party login provider for those account breaches.

The news of the phishing attack follows reports that Polymarket is under federal investigation following a Wall Street Journal article into the prediction markets platform deceptive social media promotion of users boasting winnings.