Crypto news

The prediction market platform Polymarket has officially confirmed a compromise through a third-party provider. As the investigation revealed, a malicious script was injected into the client-side (frontend) of the website for a subset of users. The team stated that the threat has been contained, the compromised dependency has been removed, and affected users will receive full compensation for their losses.

However, the community's reaction has been far more severe than a simple discussion of the incident itself. Critics remind that Polymarket was warned about the risk of such an attack back in April 2026, and those warnings were ignored.

Timeline of the Incident and April Warnings

According to the platform's statement, the attack occurred through a compromised contractor. Malicious code was injected into the interface and affected a portion of the user base. The team now claims the threat has been neutralized and those affected will receive full compensation.

But the core of the community's grievances lies not in the breach itself, but in the negligent attitude towards security. One user on X (formerly Twitter) published screenshots dated April 28, 2026, where they directly pointed out the vulnerability and warned the Polymarket team about a potential attack through third-party dependencies.

According to them, in April the platform not only ignored these concerns but also publicly mocked discussions of a possible compromise, boasting about its own cybersecurity. The user claims that taunting potential attackers, especially for a large organization, is a recipe for disaster. Their arguments, as they note, were disregarded.

This incident is a stark confirmation that arrogance in security matters often leads to costly consequences. Polymarket, being a prominent target in the crypto ecosystem, should have not only responded to warnings but also proactively built its defenses. Ignoring community signals is a direct path to losing trust.