Polymarket acknowledged the hack: April warnings turned out to be prophetic
Prediction platform Polymarket has officially confirmed a compromise through a third-party contractor. A malicious script was injected into the frontend for a portion of users. The team states that the incident has been contained, the dependency has been removed, and affected users are promised full reimbursement.
However, the community's attention is drawn not so much to the hack itself, but to the fact that this scenario was predicted several months ago. Critics recall that the risks of such attacks were publicly voiced in April, but Polymarket's management chose to ignore them at the time.
Timeline of the Incident
According to Polymarket, the attack occurred through a compromised third-party provider. Malicious code was injected into the platform's interface, affecting a portion of the user base. The team responded promptly by removing the problematic integration and initiating the process of refunding affected users.
April Warnings
A user under the handle vxunderground published screenshots dated April 28, 2026, in which he allegedly warned the Polymarket team about a potential vulnerability. According to him, in response to his concerns, the platform publicly mocked discussions of a possible compromise and even boasted about its cybersecurity, effectively challenging attackers.
"Taunting potential attackers is a surefire recipe for disaster, especially for a large organization that is already a prominent target," the user stated, emphasizing that his arguments were ignored.
He also suggested that this incident is neither the first nor the last time Polymarket and its users have become targets for hackers.
Expert Comment: The Polymarket story is a classic example of how ignoring early warnings and excessive overconfidence in security matters lead to material losses and reputational damage. For a platform dealing with real money and predictions, such an approach is an unforgivable luxury. The community has the right to expect from Polymarket not only a rapid response to incidents but also proactive work with potential threats, rather than mocking those who point them out.