{"id":33276,"date":"2026-06-28T13:58:48","date_gmt":"2026-06-28T13:58:48","guid":{"rendered":"https:\/\/bitunikey.com\/news\/polymarket-hack-losses-rise-to-3-1m-as-refund-pledge-faces-scrutiny\/"},"modified":"2026-06-28T13:58:55","modified_gmt":"2026-06-28T13:58:55","slug":"polymarket-hack-losses-rise-to-3-1m-as-refund-pledge-faces-scrutiny","status":"publish","type":"post","link":"https:\/\/bitunikey.com\/news\/polymarket-hack-losses-rise-to-3-1m-as-refund-pledge-faces-scrutiny\/","title":{"rendered":"Polymarket hack losses rise to $3.1M as refund pledge faces scrutiny"},"content":{"rendered":"<p><\/p>\n<div class=\"post-detail__content blocks\">\n<p class=\"is-style-lead\">Polymarket\u2019s latest security incident has grown larger after blockchain intelligence firm AMLBot updated the estimated losses to about $3.1 million.<\/p>\n<div id=\"cn-block-summary-block_a4ab460d8b722b4b01626c5bf3a95242\" class=\"cn-block-summary\">\n<div class=\"cn-block-summary__nav tabs\">\n        <span class=\"tabs__item is-selected\">Summary<\/span>\n    <\/div>\n<div class=\"cn-block-summary__content\">\n<ul class=\"wp-block-list\">\n<li>Polymarket\u2019s frontend phishing attack now shows $3.1 million in losses across 11 user wallets.<\/li>\n<li>The platform says a compromised third-party vendor injected malicious code into parts of its frontend.<\/li>\n<li>The refund pledge comes as lawmakers press regulators over alleged deceptive prediction market advertising practices.<\/li>\n<\/ul><\/div>\n<\/div>\n<p><!-- .cn-block-summary --><\/p>\n<p>The prediction market platform had earlier promised to refund affected users after saying a third-party vendor compromise allowed malicious code to reach some users through its frontend.<\/p>\n<p>    <!-- .cn-block-related-link --><\/p>\n<h2 class=\"wp-block-heading\"><strong>Hack losses rise to $3.1M<\/strong><\/h2>\n<p>AMLBot <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/x.com\/AMLBotHQ\/status\/2070817697974116598?s=20\" target=\"_blank\" rel=\"nofollow\">said<\/a> hackers stole about $3.1 million in PUSD from 11 user wallets. The firm said the funds were taken from Polygon and quickly bridged to Ethereum.<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-x wp-block-embed-x\">\n<div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Polymarket Under Attack<\/p>\n<p>Polymarket users were drained of ~$3.1M in PUSD on Polygon via phishing \/ malicious EIP-7702 delegated execution.<\/p>\n<p>Funds were converted to USDC.e via Relay, bridged to Ethereum, swapped to ETH, and consolidated at\u2026 <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/t.co\/bG3GYZZ1D9\">pic.twitter.com\/bG3GYZZ1D9<\/a><\/p>\n<p>\u2014 AMLBot (@AMLBotHQ) <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/x.com\/AMLBotHQ\/status\/2070817697974116598?ref_src=twsrc%5Etfw\">June 27, 2026<\/a><\/p><\/blockquote>\n<\/div>\n<\/figure>\n<p>The update raises the loss figure from earlier estimates near $2.94 million. Specter Analyst had first <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/x.com\/SpecterAnalyst\/status\/2070152064051605517\" target=\"_blank\" rel=\"nofollow\">flagged<\/a> the attack as a phishing campaign that drained funds from at least 11 wallets holding PUSD.<\/p>\n<p>Polymarket said in a <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/x.com\/PolymarketTrade\/status\/2070155882906730671\" target=\"_blank\" rel=\"nofollow\">June 25 post<\/a> that it found a third-party vendor had been compromised. The company said the vendor issue allowed attackers to inject a malicious script into the platform\u2019s frontend for some users.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cWe\u2019ve contained it &amp; removed the affected dependency.\u201d It also said it was contacting affected users and \u201crefunding them in full,\u201d the platform said.<\/p>\n<\/blockquote>\n<h2 class=\"wp-block-heading\"><strong>Frontend attack targeted user wallets<\/strong><\/h2>\n<p>The attack appears to have targeted users through the website interface rather than the core protocol. That type of attack can trick users into approving harmful wallet activity while they believe they are using the normal platform.<\/p>\n<p>PeckShield said the attacker bridged stolen funds from Polygon to Ethereum and swapped them into about 1,893 ETH. Specter also said the funds were consolidated into an Ethereum address after the phishing activity.<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-x wp-block-embed-x\">\n<div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\"><a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/x.com\/hashtag\/PeckShieldAlert?src=hash&amp;ref_src=twsrc%5Etfw\">#PeckShieldAlert<\/a> Specter has reported that a <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/x.com\/hashtag\/phishing?src=hash&amp;ref_src=twsrc%5Etfw\">#phishing<\/a> campaign appears to be targeting <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/x.com\/hashtag\/Polymarket?src=hash&amp;ref_src=twsrc%5Etfw\">#Polymarket<\/a> users, with ~$3M worth of <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/x.com\/search?q=%24PUSD&amp;src=ctag&amp;ref_src=twsrc%5Etfw\">$PUSD<\/a> drained.<\/p>\n<p>The attacker bridged the stolen funds from <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/x.com\/hashtag\/Polygon?src=hash&amp;ref_src=twsrc%5Etfw\">#Polygon<\/a> to <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/x.com\/hashtag\/Ethereum?src=hash&amp;ref_src=twsrc%5Etfw\">#Ethereum<\/a> and swapped them into ~1,893 <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/x.com\/search?q=%24ETH&amp;src=ctag&amp;ref_src=twsrc%5Etfw\">$ETH<\/a>. <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/t.co\/Li4nZY1me4\">pic.twitter.com\/Li4nZY1me4<\/a><\/p>\n<p>\u2014 PeckShieldAlert (@PeckShieldAlert) <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/x.com\/PeckShieldAlert\/status\/2070157742514618443?ref_src=twsrc%5Etfw\">June 25, 2026<\/a><\/p><\/blockquote>\n<\/div>\n<\/figure>\n<p>A frontend attack can be difficult for users to detect in real time. The site may look normal, but the code loaded in the browser can create unsafe wallet prompts.<\/p>\n<p>The incident also puts focus on third-party dependencies. Even if a platform\u2019s smart contracts remain unchanged, outside code used in a website can create risk for users who connect wallets.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Earlier incidents add pressure<\/strong><\/h2>\n<p>The latest incident follows other Polymarket security issues. In March, blockchain investigator ZachXBT flagged a suspected breach after more than $520,000 was reportedly drained from two Polygon smart contracts.<\/p>\n<p>Polymarket later said funds were safe in that case. In December, the platform also confirmed an incident on its Discord channel after users reported missing funds and suspicious login attempts.<\/p>\n<p>A previous report said the latest attack was recorded by DefiLlama as the 89th crypto security breach of the second quarter. The same report said that count made the quarter the highest on record by number of reported incidents.<\/p>\n<p>The growing incident count shows why platforms now face closer checks across smart contracts, wallets, login systems, frontend code and outside vendors.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Regulatory scrutiny widens<\/strong><\/h2>\n<p>The hack also arrives as Polymarket faces new regulatory attention. A recent report said U.S. Senators Adam Schiff and John Curtis urged the CFTC to review allegations tied to deceptive advertising practices.<\/p>\n<p>The senators asked whether Polymarket promoted markets through simulated trading websites, staged transactions and undisclosed paid influencer campaigns. They also questioned whether the CFTC has enough tools to oversee prediction markets and protect users.<\/p>\n<p>Polymarket and Kalshi are also part of a wider legal fight over sports event contracts. Kentucky has accused prediction market firms of offering unlicensed sports betting, while the CFTC has argued that federally regulated event contracts fall under its authority.<\/p>\n<p>As previously reported, the cases may help decide whether sports-linked prediction markets answer mainly to federal derivatives rules or state gambling laws.<\/p>\n<p>    <!-- .cn-block-related-link --><\/p><\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Polymarket\u2019s latest security incident has grown larger after blockchain intelligence firm AMLBot updated the estimated losses to about $3.1 million. Summary Polymarket\u2019s frontend phishing attack now shows $3.1 million in&hellip;<\/p>\n","protected":false},"author":1,"featured_media":29977,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-33276","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cryptocurrency"],"_links":{"self":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/33276","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/comments?post=33276"}],"version-history":[{"count":1,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/33276\/revisions"}],"predecessor-version":[{"id":33277,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/33276\/revisions\/33277"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media\/29977"}],"wp:attachment":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media?parent=33276"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/categories?post=33276"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/tags?post=33276"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}