Polymarket confirms hackers stole user funds in third-party breach

Prediction market giant Polymarket confirmed that hackers stole funds from an unspecified number of users after a third-party breach. Polymarket said in an X post on Thursday that a compromise at a third-party vendor allowed hackers to inject malicious code into its website "for some users." The company said it has "contained" the incident and is now contacting the affected victims and "refunding them in full." As of Thursday afternoon, it's unclear exactly what happened. When reached by TechCrunch, Polymarket spokesperson Connor Brandi confirmed that the breach led to users' funds being stolen but declined to provide more information, and did not respond to specific questions about the incident.

Around the same time as the Polymarket post, blockchain monitoring firm PeckShield reported on X that a phishing campaign was targeting Polymarket users. According to PeckShield, hackers had stolen around $3 million worth of cryptocurrency. A blockchain analyst also reported similar losses and claimed that the funds were stolen from more than 11 victims.

Polymarket offers users the possibility of being paid in cryptocurrency. In the last couple of days, two people on social media claimed to have had their Polymarket funds stolen. The hack is the latest blow for a company that has been in the headlines for the wrong reasons this week.

On Sunday, an investigation revealed that Polymarket had paid online creators to post deceptive videos showing they won lucrative bets that were actually fake. In response, the company said it would audit its promotional content. Why this matters: The breach at Polymarket highlights the vulnerabilities that can arise from third-party dependencies in the fintech and cryptocurrency sectors.

For users, this incident serves as a reminder to be vigilant about the security practices of platforms they engage with, especially those handling financial assets. For developers and businesses, the breach underscores the importance of robust security measures and thorough vetting of third-party vendors. As the company moves to refund affected users, questions remain about the extent of the breach and the measures being taken to prevent future incidents.

The incident also comes at a sensitive time for Polymarket, which is facing scrutiny over its promotional practices. The coming weeks will likely see increased scrutiny of the company's security and business practices, and how it responds to these challenges will be crucial for restoring user trust.