This was reported by a trader, 25usdc, who wrote on social media that hackers have been using Polymarket's comments section to scam users, and that users have lost over $500,000 so far.

They say, "Why don't you trade on Polymarket's private markets? It's always much more profitable there!" 25usdc wrote.

According to him, it all starts with them buying Yes and No shares on the market from two different accounts. This way, their comments remain accessible even when the "Owners" filter is enabled. They then publish their website URL in encrypted form.

The URL redirects the unsuspecting user to a page with the Polymarket logo and asks them to login via email. After confirming, a new window appears, mimicking CloudFlare, asking for confirmation. "Eventually, they collect data, log everything in your system, and send the archive to their server. They then use this data to log into your accounts and steal your money," 25usdc wrote.

He also noted how meticulous the scammers are: for example, they cover their tracks by frequently switching wallets, obfuscating their trail at every stage, and even shutting down the server that sends payloads and receives logged data when there's no active victim.