Prediction platform Polymarket reported a cyber attack that compromised approximately eleven user accounts. Attackers injected a malicious script into the platform interface to access and withdraw funds.
Security Response and Compensation
The total financial loss reaches approximately $3M. The injected script allowed unauthorized access to specific wallets, resulting in the transfer of user assets. Polymarket confirmed that the underlying vulnerability has been fully patched.The platform pledged complete reimbursement for all affected accounts. While the official investigation remains ongoing, one impacted user suggested the breach may have originated from Xorek Cloud, a virtual private server provider used to store a private key. Polymarket has not yet verified this connection or identified the exact service provider responsible for the compromise.