# Polymarket Vows Full Reimbursement After a Vendor Breach Lets Hackers Drain $3 Million

> A hack of one of Polymarket's outside vendors left the platform's website open to an exploit, allowing attackers to siphon roughly $3 million in customer funds. The company says it is now refunding affected users in full.

**Type:** article · **Category:** Business · **Published:** 2026-06-25 · **Source:** TrendKia
**Canonical:** https://trendkia.com/en/business/tisare-paksha-ke-vendara-men-sendha-se-polymarket-yujarsa-ko-30-lakha-dolara-ki-chapata-knpani-degi-pura-paisa-vapasa-3061 · **Language:** English
**Tags:** Polymarket hack, crypto hack, pUSD stablecoin, blockchain security, prediction market, Bubblemaps, Ethereum wallet

The prediction market platform Polymarket has been hit by a major exploit that drained roughly $3 million from its users' funds. The breach traces back to Thursday, when one of the company's third-party vendors was hacked, leaving Polymarket's website exposed to an attack.

In a post on X, the company explained that the hack let attackers inject malicious code into the prediction market's front-end. Polymarket did not say publicly which of its vendors had been compromised.

> 

## $3 Million Gone, Fewer Than 15 Accounts Hit
In the end, the hackers made off with around $3 million in customer money. According to blockchain investigations firm Bubblemaps, on-chain data shows the potential damage was largely contained, with fewer than 15 user accounts affected. On June 25, 2026, Bubblemaps also shared the addresses of some of the impacted Polymarket accounts.

Polymarket says it is in the process of refunding affected customers in full, and that the front-end issue has been contained and removed.

## How the Funds Were Drained
The attackers pulled money from Polymarket customer wallets holding pUSD, the platform's own dollar-pegged stablecoin backed by USDC that is used to facilitate every trade on the site. They then converted the stolen funds into ETH and compiled them into an Ethereum wallet, where, as of writing, they remain.

## A Second Hit in As Many Months
This is not the first time Polymarket has been targeted. Last month, the company suffered another hack, this one involving a wallet that employees used to top up and pay out user rewards. That exploit cost roughly $700,000 and was likely caused by a private key compromise. At the time, experts said it did not appear to affect the company's infrastructure or pose broader risks.

## What the Attack Reveals
It remains unclear what steps the prediction market platform can take to prevent such an exploit in the future, given that it relies on external, third-party businesses that are apparently directly involved in running the site. Both last month's incident and this one point to the same uncomfortable reality: even when a company's core protocols stay secure, hackers can still infiltrate big firms around the edges.

## What this means for you
- **For Polymarket users:** The fewer than 15 accounts that lost money are being refunded in full, so affected customers can expect to recover their funds.
- **For crypto investors:** The incident is a reminder that even when a platform's core protocol is secure, a flaw in an outside vendor or website can put your funds at risk, so stay cautious.

## Questions & Answers

### 1. How much money was lost in the Polymarket hack?
The attackers stole roughly $3 million worth of customer funds.

### 2. How did the hack happen?
On Thursday, one of Polymarket's third-party vendors was hacked, leaving the website vulnerable and allowing attackers to inject malicious code into the front-end.

### 3. How many user accounts were affected?
According to Bubblemaps, fewer than 15 user accounts were affected and the damage was largely contained.

### 4. Will users get their money back?
Yes, Polymarket says it is in the process of refunding affected customers in full.

### 5. Where did the stolen money go?
The attackers drained pUSD from customer wallets, converted it into ETH, and compiled it into an Ethereum wallet, where it still remains.

### 6. What is pUSD?
pUSD is Polymarket's own dollar-pegged stablecoin, backed by USDC, that is used to facilitate every trade on the platform.

### 7. Has Polymarket been hacked before?
Yes, last month the company suffered another hack that cost roughly $700,000, likely caused by a private key compromise.

---
_TrendKia — Har trend, sabse pehle.. Machine-readable view; canonical HTML at the URL above._