
Polymarket users lose nearly $3M in suspected phishing attack

By Hannah Collymore
  • On-chain analyst Specter reported that at least 11 Polymarket accounts were recently compromised, resulting in the theft of $2.94 million in assets. 
  • Users are frequently targeted by sophisticated phishing scams, fake trading bots, and deceptive sites designed to hijack credentials and drain wallets. 
  • Speculation around the platform’s token has created a surge of fraudulent “eligibility” and “claim” scams. 

Popular on-chain analyst Specter today reported a major Polymarket breach in which up to $2.94 million was stolen from about 11 accounts combined.

According to Specter, the stolen funds were originally held as PUSD (Polymarket’s USD-pegged collateral token), swapped into ETH and sent to a final address. While 11 victims have been identified so far, the final count may still increase as investigators continue to trace more transactions.

Why always Polymarket?

Polymarket has faced phishing and social engineering attacks since last year. Each one exploited different entry points but followed the same playbook: tricking users into handing over credentials, then clearing their wallets before they notice.

Earlier this month, Polymarket’s VP of Engineering, Josh Stevens, addressed a case where a user was swindled out of more than $2 million. The victim had entered a one-time password into a fake website that looked exactly like Polymarket, which allowed the attacker to compromise the victim’s Magic Link wallet (an email-based login system) and drain their funds instantly.

Stevens stressed that while the impact was massive, the breach took place on a scam site and did not stem from a flaw in Polymarket’s own platform.

That attack came after a $520,000 drain from the platform’s UMA CTF Adapter contract on Polygon in May. According to on-chain investigator ZachXBT, the attack was caused by a compromised deployer key.

Airdrop speculation may be fueling the threat

The phishing risk facing Polymarket users is compounded by growing speculation around a potential POLY token airdrop. On June 25, X user Tiptop noted that Polymarket had quietly updated its FAQ page, removing language that previously stated the platform “does not have a token” and scrubbing references to having no plans for an airdrop or token generation.

Polymarket CMO Matthew Modabber confirmed token and airdrop plans in an October 2025 interview, saying the team wanted to create “a token with true utility, longevity, and to be around forever,” as Cryptopolitan reported. That confirmation prompted users to adjust their trading behavior in hopes of qualifying for a future distribution.

The hype around potential airdrops makes it easy for scammers to trick people with fake eligibility checkers and claim pages. 

Another round of airdrop speculation has started spreading on social media, as Web3 profiles have reported that Polymarket recently removed the explicit denial of an airdrop from its FAQ page. 

Polymarket faces other reputational headaches

The risks on the platform have gone beyond phishing. Last December, SlowMist found a Polymarket copy-trading bot on GitHub embedded with malicious code meant to steal and transmit private keys to hackers.

Another investigation conducted by StepSecurity in March also uncovered a compromised GitHub organization that was distributing fake trading bots designed to compromise user accounts.

The platform also faces reputational headwinds. According to a Wall Street Journal investigation, Polymarket paid influencers around $2,000 to $3,000 per month to post scripted videos showing fake trading profits. 

Apparently, the influencers were told to hide that they were being paid, and even ordered to redo clips if they weren’t exciting enough. They were also instructed to make the fake winnings appear as if they were real, organic experiences.

Combined with the phishing campaigns and malicious bot ecosystem, the pattern now creates doubts about user safety on a platform where prediction market open interest recently hit a record $1.48 billion, according to a16z Crypto data cited by Cryptopolitan.


FAQs

How much was stolen in the latest Polymarket phishing attack?

On-chain analyst Specter estimated losses at $2.94 million across at least 11 victim wallets, with the stolen PUSD converted to ETH and moved to a single consolidation address.

Has Polymarket been hacked directly?

The phishing incidents have targeted individual users through fake websites and compromised credentials, not Polymarket's core smart contracts. Polymarket's VP of Engineering Josh Stevens stated in a previous incident that the breach occurred on a malicious third-party site, not the platform itself.

Why does the potential POLY token airdrop increase phishing risk?

Airdrop speculation creates urgency that attackers exploit through fake eligibility pages and claim portals. Polymarket recently removed language from its FAQ denying token plans, and CMO Matthew Modabber has publicly confirmed a future POLY token and airdrop, giving scammers a credible narrative to build phishing campaigns around.


Hannah Collymore

Hannah is a writer and editor with nearly a decade of blog writing and event reporting experience in the crypto space. At Cryptopolitan, Hannah contributes to the news page, reporting and analyzing the latest developments in DeFi, RWA, crypto regulation, AI and frontier tech industries. She graduated from Arcadia University with a degree in Business Administration.
