Polymarket Faces CFTC Probe as $3.1 Million Phishing Attack Hits 11 Wallets
Polymarket is dealing with two problems at once: an “ongoing and extensive” CFTC investigation and a $3.1 million phishing attack that compromised 11 user wallets. For anyone watching prediction markets, this is the useful part: regulatory scrutiny and security failures are now arriving on the same timetable.
- The Commodity Futures Trading Commission (CFTC) is investigating Polymarket following a Wall Street Journal report on alleged misleading marketing tactics, CNBC reported on Friday, June 26. The report said the company had flooded social media with apparently genuine videos of content creators winning trades on Polymarket, while in practice creators were asked to simulate trades on duplicate sites without disclosure that they were being paid.
- The WSJ report led lawmakers to call for greater regulatory scrutiny of the company. Polymarket told the outlet it intended to conduct an audit of active promotional content and said it was “committed to maintaining accurate, fair, and transparent markets.”
- According to CNBC, this is a notable reversal for Polymarket. The company had previously been banned from the U.S., but earlier CFTC and Department of Justice probes were dropped without charges last year. The report also said this is the first high-profile investigation into a prediction market company under CFTC Chairman Michael Selig, who had previously been seen as a champion of the sector.
- Separately, CoinDesk reported on Saturday that Polymarket is handling a $3.1 million exploit involving PUSD tokens. The breach affected 11 user wallets and was traced to a compromised third-party vendor that injected a malicious script into the platform’s frontend.
- Blockchain intelligence firms said the stolen assets were taken from the Polygon network and immediately bridged to Ethereum. Polymarket has promised full refunds to victims holding its native PUSD collateral, according to the report.
For PSPs and partners, the takeaway is straightforward: Polymarket is now under pressure on both compliance and operational security. That combination tends to matter more than either issue on its own, because it affects licensing risk, counterparty risk, and how much headache sits behind every integration call.
Weekly high-risk digest
Regulation, sanctions and payment news across your verticals — once a week, free.
Please check your inbox and click the link to confirm your subscription.
Please enter a valid email address!