Woofun AI reports that a security breach targeting an external partner of Polymarket resulted in the theft of approximately $3 million in customer funds on June 25. The incident involved the compromise of an unnamed third-party service provider, with attackers specifically targeting pUSD for trading and settlement before converting the assets into ETH. Blockchain analytics firm Bubblemaps determined that fewer than 15 user accounts were affected by this specific intrusion.

The vulnerability exploited during the attack has been identified and resolved by Polymarket, which is currently in the process of fully compensating all impacted users. Despite the remediation, the identity of the external partner whose systems were breached remains undisclosed to the public. This lack of transparency complicates the assessment of the specific infrastructure failure that allowed the theft.

This incident is not an isolated event for Polymarket, as the platform experienced a separate security breach last month involving a leaked private key associated with an employee wallet. That earlier compromise resulted in a $700,000 theft, highlighting a pattern of vulnerabilities linked to the platform's external infrastructure. The recurrence of these security failures has raised significant concerns among users and industry observers regarding the robustness of the platform's overall security posture.

Structurally, the rapid conversion of stolen pUSD into ETH suggests a coordinated effort to obscure the trail of the illicit funds immediately upon exfiltration. The concentration of losses within fewer than 15 accounts indicates a targeted operation rather than a broad-based exploit of the main protocol. This marks the second significant financial loss for the platform in a single month, signaling urgent operational risks.