The Web3 ecosystem is facing a double blow of reputational and security challenges. A Wall Street Journal report alleging that Polymarket paid creators to stage fake winning bets has rocked the prediction market, while a hacker has begun laundering $36 million stolen from Humanity Protocol. These back-to-back developments highlight the persistent vulnerabilities in platform integrity and smart contract security that continue to test the digital asset space.
According to the WSJ report, Polymarket—the breakout decentralized prediction platform—reportedly funded creators to showcase manufactured winning bets on dummy sites. While the platform has enjoyed massive volume and cultural relevance, these allegations of artificial promotion threaten to dent user trust and draw sharper regulatory scrutiny in the U.S., where prediction markets already operate in a legal gray area. For participants, it raises questions about the authenticity of the platform's social proof.
Simultaneously, security firms tracked the movement of $36 million in digital assets stolen in a phishing breach targeting Humanity Protocol. The attacker is actively routing the funds through stablecoins and the KuCoin exchange to obscure the paper trail. This incident underscores that even highly anticipated, identity-focused Web3 projects remain lucrative targets for sophisticated phishing campaigns, emphasizing the critical need for robust treasury controls.
Together, these events represent a clear downside risk for retail confidence and project security. While neither incident halts broader Web3 adoption, they serve as a stark reminder to market participants that both decentralized applications and emerging protocols carry significant operational hazards. Traders and builders must prioritize platform transparency and rigorous self-custody practices to navigate this volatile environment.