Polymarket to reimburse users after third-party compromise triggers $3M phishing attack

ambcrypto | Published on 2026-06-25 | Last updated on 2026-06-25

Abstract

Prediction market platform Polymarket will fully reimburse users after a security breach on June 25. A compromised third-party vendor injected malicious code into Polymarket's frontend, leading to a phishing attack that targeted users interacting with the platform during a specific window. Blockchain security firm PeckShield estimates the attack drained approximately $3 million in PUSD from over 11 wallets. The stolen funds were bridged from Polygon to Ethereum and converted into roughly 1,893 ETH. Polymarket has contained the incident, removed the affected dependency, and is contacting impacted users for full refunds. The platform's underlying smart contracts were not compromised. No detailed postmortem or reimbursement timeline has been provided.

Prediction market platform Polymarket says it will fully reimburse affected users after a compromised third-party vendor injected malicious code into its frontend. This exposed some users to a phishing attack that blockchain security researchers estimate drained nearly $3 million.

In a statement published on June 25, Polymarket said it discovered the compromised vendor earlier in the day, removed the affected dependency, and contained the incident. The company added that it is contacting impacted users and will refund them in full.

The incident appears to have affected only users who interacted with the compromised frontend during the attack window rather than the platform’s underlying smart contracts.

Third-party compromise injected malicious script

According to Polymarket, the attack originated from a compromised third-party vendor that injected a malicious script into parts of the platform’s frontend.

The company said it has since removed the affected dependency and contained the incident. However, it has not disclosed the identity of the compromised vendor or released a detailed technical postmortem.

The platform emphasized that it is working directly with affected users while continuing its investigation.

Security firms estimate nearly $3M in losses

Blockchain security firm PeckShield reported that the incident appeared to be a phishing campaign targeting Polymarket users.

According to PeckShield's findings, attackers drained approximately $3 million worth of PUSD from more than 11 victim wallets before bridging the stolen funds from Polygon to Ethereum.

The researchers said the attacker subsequently exchanged the proceeds for roughly 1,893 ETH, consolidating the assets into a monitored Ethereum address.

Polymarket has not publicly confirmed the estimated losses or the number of affected wallets.

Platform promises full reimbursement

Unlike many phishing incidents that leave users responsible for losses, Polymarket said it intends to reimburse everyone affected by the attack.

The company said it is contacting impacted users directly while continuing to investigate the compromise.

No timeline has been provided for either the reimbursement process or the publication of a full incident report.


Final Summary

  • Polymarket says a compromised third-party vendor injected malicious code into its frontend and has pledged to reimburse affected users.
  • Security researchers estimate the phishing campaign stole roughly $3 million before the funds were bridged to Ethereum and converted into ETH.

Related Questions

Q: What was the cause of the phishing attack on Polymarket users?

A: The attack was caused by a compromised third-party vendor that injected a malicious script into parts of Polymarket's frontend.

Q: How much money did the attackers steal according to blockchain security researchers?

A: According to blockchain security researchers, the attackers stole approximately $3 million worth of PUSD.

Q: What action did Polymarket take after discovering the compromised vendor?

A: After discovering the compromised vendor, Polymarket removed the affected dependency, contained the incident, and pledged to fully reimburse affected users.

Q: Did the incident affect the platform's underlying smart contracts?

A: No, the incident appears to have affected only users who interacted with the compromised frontend during the attack window, not the platform's underlying smart contracts.

Q: What did the attackers do with the stolen funds after the phishing attack?

A: The attackers bridged the stolen funds from Polygon to Ethereum and exchanged the proceeds for roughly 1,893 ETH, consolidating the assets into a monitored Ethereum address.
