Polymarket acknowledged the hack: the community reminds of ignoring April warnings.
The prediction platform Polymarket has officially confirmed a compromise of one of its third-party providers. As a result of this attack, a malicious script was injected into the frontend for a subset of users. According to the project's management, the incident was contained, the problematic dependency was removed, and efforts are underway to fully compensate affected users.
Timeline of the Incident
According to Polymarket's statement, attackers gained access through a compromised third-party contractor. The malicious code was injected into the platform's frontend, affecting a specific group of users. The project team reported that the threat has been neutralized, and affected users will receive full compensation.
April Warnings
However, the community's main grievance is not so much the hack itself, but that this scenario was pointed out long before the incident. In response to Polymarket's post, one user on X reminded that as early as April 28, 2026, they had saved a file with evidence of their concerns.
According to this user, in April, Polymarket publicly mocked discussions about a possible compromise (which did not exist at the time) and indirectly boasted about its own cybersecurity capabilities, taunting attackers. The user claims they warned the project team that provoking potential attackers is a recipe for disaster, especially for a large organization that is already a prominent target. These arguments, they say, were ignored.
In their opinion, what happened only confirms the correctness of those who were mocked. They also suggested that this is neither the first nor the last time Polymarket and its users will be targeted by hackers.
Recall that earlier, the top 3 losers on Polymarket saw an addition: a trader lost $5.8 million in a single day.
Expert Commentary: This incident is a classic example of how ignoring cybersecurity signals at an early stage leads to real losses. For a platform handling financial flows and user reputation, bravado in security matters is an unforgivable luxury. The community rightly points out that Polymarket not only failed to heed warnings but also provoked attackers with its behavior. Now, the project must not only address the consequences but also rebuild trust, which was undermined long before the hack itself.