On June 25, 2026, multiple reports confirmed that Polymarket users lost approximately $2.94 million to $3 million in a suspected phishing attack. On-chain analyst Specter first flagged the breach, noting that funds were held as PUSD (Polymarket’s USD-pegged collateral token) and then swapped into ETH before being sent to a final address. So far, 11 victims have been identified, though the total may rise as investigators trace additional transactions.
The attack exploited social engineering tactics rather than a flaw in Polymarket’s platform. Earlier this month, a separate case saw a user lose over $2 million after entering a one-time password on a fake Polymarket site, compromising a Magic Link wallet. Polymarket’s VP of Engineering stressed that the breach occurred on a scam site, not the official platform. This latest incident follows a $520,000 drain from Polymarket’s UMA CTF Adapter contract in May, caused by a compromised deployer key.
Airdrop speculation likely intensified the threat. Talk of a potential POLY token airdrop grew after Polymarket updated its FAQ page to remove language denying plans for a token. The team had previously confirmed airdrop intentions, leading users to adjust their trading behavior in hopes of qualifying. Scammers exploited this hype with fake eligibility checkers and claim pages, luring victims into approving malicious transactions.
Beyond phishing, Polymarket faces other security and reputational issues. A copy-trading bot on GitHub was found to contain code to steal private keys, and a compromised GitHub organization distributed fake trading bots. Additionally, a Wall Street Journal investigation revealed that Polymarket paid influencers to post scripted videos showing fake profits, eroding trust. With prediction market open interest recently hitting a record $1.48 billion, these incidents cast a shadow over user safety on the platform.