On June 25, Polymarket suffered a theft of around $3 million after hackers compromised a third-party vendor and injected a harmful script into the site’s frontend, according to Gizmodo and Gncrypto. Losses from this attack came from more than 11 victim wallets—mostly holding PUSD stablecoin—and affected fewer than 15 users. The company says every affected user will get a complete refund as it contains the fallout and protects funds. Those impacted by the roughly $3 million drain are now waiting for refunds Polymarket promised soon.

flow wp-block-quote-is-layout-flow">

“We’re contacting impacted users & refunding them in full”, according to Gizmodo.

— Polymarket, at

How the Polymarket Breach Unfolded

The breach traces back to a third-party vendor compromise, which let hackers inject malicious code into Polymarket’s frontend seen by certain users. Gncrypto notes the attack took place on June 25 and led to about $3 million being pulled from fewer than 15 accounts, nearly all with PUSD. Attackers targeted at least 11 wallet addresses, showing how the exploit focused on a limited group. Read more background inMoonPay Brings Crypto Buying to ChatGPT in May 2026.

Scale of Losses and Affected Users

Estimates from Gizmodo put losses at $3 million, drained in what firms call a precise attack on just a handful of high-balance wallets. While Polymarket’s core contracts stayed safe, hackers used the user-facing interface, highlighting dangers from weak outside code. no user needed to touch phishing links, making this attack quiet and complex.

Polymarket’s Immediate Response and Refunds

Gizmodo reports Polymarket rapidly reached out to those affected and pledged to refund them fully. Every user impacted would be made whole, according to team promises. Fast public updates and advanced tracking helped spot victims quickly—likely preventing worse outcomes. Internal logs, as Gncrypto describes, guided targeted outreach and stopped scammers from preying on fresh victims.

Third-Party Vendor Risks in DeFi Infrastructure

Details from Theverge show the problem started with a single vendor, not in Polymarket’s core system. Growing risks around outside vendors plague many DeFi platforms in 2026, especially with more credential leaks. One weak outside service can dodge all protocol security, as Gncrypto explains, even for well-audited platforms. Extra scrutiny of outside code is now common—some teams even ban unknown code or require tougher checks.

Industry Reaction and User Trust

This breach sparked big debates about frontend safety versus contract security, according to Gizmodo and Gncrypto. Demand for prediction markets surged early in 2026, which brought lawmakers and customers to question how safe these platforms truly are. The choice by Polymarket to refund users and admit the vendor fault gave some relief—but invited new doubts too. Users now want proof of reserves and regular, deeper audits to show platforms really protect funds. Theverge points out that regulatory interest grows as similar hacks occur, which might soon sharpen standards across DeFi. Experts say more attacks are likely if platforms don’t take stronger precautions. Attention on Polymarket’s losses is growing right as U.S. officials look closely at prediction market rules.

Prior Incidents and the Outlook for User Safety

Past DeFi hacks since early 2025 led to major losses, with few projects offering user refunds like Polymarket. Gizmodo highlights that Polymarket’s plan ranks among DeFi’s biggest direct user payouts in 2026—beating others who only covered partial losses after vendor errors.

Next Steps for Polymarket and Impact on DeFi Security Practices