Polymarket acknowledged the hack: April cyber threat warnings were ignored.
The prediction market platform Polymarket has officially confirmed a compromise of its client interface. The incident occurred through a third-party contractor: a malicious script was injected into the frontend for some users. The team states that the threat has been localized, the problematic dependency has been removed, and affected users are promised full reimbursement of funds.
Timeline of the hack and community reaction
According to the official statement, the attack was made possible due to a vulnerability in the supply chain. Attackers gained access to the code through a compromised vendor. Polymarket emphasizes that all user funds are safe and that the incident did not affect smart contracts or the underlying infrastructure.
However, the reaction from the crypto community was harsh. The key criticism is not so much the hack itself, but that such a scenario was warned about as early as April 2026. One user on X (formerly Twitter) published screenshots proving they had documented their concerns several months before the incident.
April warnings and disregard for risks
According to this user, in April, Polymarket publicly mocked discussions about a possible compromise, which did not exist at the time. The platform allegedly boasted about its own cybersecurity capabilities, effectively challenging potential attackers. He warned the project team: taunting hackers is a sure recipe for disaster for a large organization that is already a prominent target. These arguments, he claims, were ignored.
What happened only confirms the correctness of those who were mocked. The user also suggested that this is neither the first nor the last time Polymarket and its users will be targeted by hackers. Recall that we previously analyzed a situation where a trader on the platform lost $5.8 million in one day, which also points to systemic risks for market participants.
My expert assessment: This incident is a classic example of how arrogance and neglect of security audits can lead to real losses. Polymarket, as one of the leaders in the prediction market segment, should have treated every community warning as a signal to immediately strengthen defenses. Ignoring such signals not only undermines trust in a specific platform but also casts a shadow over the entire decentralized application industry, where security should be an absolute priority, not a subject for mockery.