Prediction market platform Polymarket is reportedly seeking to raise $400 million in new funding, potentially valuing the company at $15 billion, according to sources familiar with the matter.

The move highlights growing institutional interest in the rapidly expanding prediction markets sector.

Fresh Capital to Fuel Growth

The reported funding round would add to a recent influx of capital into Polymarket.

In late March, Intercontinental Exchange (ICE), the parent company of the New York Stock Exchange, invested $600 million into the platform.

Polymarket is now looking to bring in additional strategic investors, with the total raise potentially reaching as much as $1 billion.

Competition Heats Up

Despite the sizable valuation, Polymarket would still trail competitor Kalshi, which was valued at around $22 billion in its most recent funding round.

The rivalry reflects increasing competition as traditional financial firms move into the prediction market space.

Rapid Growth in Trading Volume

Prediction markets have seen explosive growth since the 2024 US election cycle.

Platforms like Polymarket and Kalshi are now regularly recording more than $10 billion in monthly trading volume, covering a wide range of topics including politics, sports, finance, and cultural events.

This surge in activity has attracted attention from major Wall Street players.

Traditional Finance Moves In

Several established financial institutions are exploring opportunities in prediction markets.

Nasdaq has already filed to introduce binary-style contracts tied to the Nasdaq-100 index, while Cboe Global Markets is preparing its own offering.

Meanwhile, CME Group has partnered with FanDuel to expand into event-based trading beyond traditional financial instruments.

Firms like Charles Schwab and Citadel Securities are also reportedly considering entering the space.

Regulatory Challenges Persist

Despite the momentum, prediction markets continue to face legal and regulatory hurdles.

Kalshi is currently involved in a legal dispute with the Nevada Gaming Control Board, which argues that its contracts resemble unlicensed gambling.

The outcome of this case could have broader implications for how prediction markets are regulated in the United States, with some experts suggesting it could reach the Supreme Court.

A Growing Financial Frontier

Polymarket’s fundraising efforts come at a time when prediction markets are evolving into a new financial frontier.

As institutional interest accelerates and platforms expand their offerings, the sector is increasingly blurring the lines between trading, forecasting, and gambling.

The team behind eth.limo, a key gateway for Ethereum Name Service domains, has confirmed that its recent domain hijack was the result of a targeted social engineering attack against its DNS provider, EasyDNS.

The incident briefly raised concerns across the crypto community, as eth.limo plays a critical role in connecting decentralized websites to traditional web browsers.

Attack Exploited Account Recovery Process

According to the project’s post-mortem, the attacker impersonated a member of the eth.limo team to initiate an account recovery request with EasyDNS.

This allowed the attacker to gain control of the domain account and modify its DNS settings.

Once access was secured, the attacker changed the nameserver records and redirected traffic through Cloudflare, potentially opening the door to phishing or malicious redirects.

Critical Infrastructure at Risk

eth.limo acts as a bridge between Web3 and Web2, enabling access to around 2 million .eth websites through standard browsers.

A successful hijack could have redirected users to harmful sites without their knowledge.

Ethereum co-founder Vitalik Buterin even warned users to avoid his blog during the incident until the issue was resolved.

DNSSEC Helped Limit Damage

Despite the breach, major damage was avoided thanks to Domain Name System Security Extensions (DNSSEC).

Because the attacker did not have the correct cryptographic signing keys, most DNS resolvers rejected the forged records.

As a result, users encountered errors instead of being redirected to malicious content, significantly reducing the potential impact.

Both eth.limo and EasyDNS credited DNSSEC with preventing a much more serious outcome.

EasyDNS Accepts Responsibility

EasyDNS CEO Mark Jeftovic acknowledged the failure, calling it the first successful social engineering attack against a client in the company’s 28-year history.

He described the incident as highly sophisticated and confirmed that an internal investigation is ongoing.

Security Upgrades Underway

In response, EasyDNS is implementing stronger safeguards.

The company plans to migrate eth.limo to its more secure Domainsure platform, which removes account recovery mechanisms altogether, a key vulnerability exploited in this attack.

Additional security improvements are also being rolled out to prevent similar incidents in the future.

Part of a Broader Trend

The eth.limo breach is the latest in a string of domain hijacking incidents targeting crypto-related platforms.

Recent cases involving projects like CoW Swap and Steakhouse Financial highlight a growing trend of attackers exploiting human vulnerabilities rather than technical flaws.

Ongoing Vigilance Needed

While no user impact has been confirmed so far, the incident underscores the importance of robust security practices across both Web2 and Web3 infrastructure.

As crypto adoption grows, protecting critical access points like domain services will remain essential to maintaining trust and preventing large-scale exploits.

Aave, one of the largest decentralized lending protocols, saw nearly $8 billion wiped from its total value locked (TVL) over the weekend following a major exploit tied to Kelp DAO.

The incident triggered widespread withdrawals and exposed vulnerabilities in the interconnected DeFi ecosystem.

Massive Outflows Shake Aave

Data shows Aave’s TVL dropped from around $26.4 billion to $18.6 billion within a day, causing it to lose its position as the top DeFi protocol.

The sharp decline came as users rushed to withdraw funds after hackers leveraged the platform to borrow against stolen assets.

Exploit Leads to “Bad Debt”

The attack began when hackers stole approximately $293 million worth of rsETH tokens from Kelp DAO’s LayerZero-based bridge.

They then used the stolen assets as collateral on Aave to borrow wrapped Ether, creating an estimated $195 million in bad debt on the protocol.

This chain reaction highlighted how a single exploit can ripple across multiple platforms in DeFi.

Liquidity Crunch Hits Stablecoin Pools

Aave’s stablecoin lending pools for USDT and USDC reached 100% utilization following the incident.

This means over $5 billion in stablecoins is effectively locked, with users unable to withdraw funds until liquidity improves or loans are repaid.

The situation underscores the risks tied to liquidity mismatches during periods of market stress.

AAVE Token Drops Sharply

The impact was also reflected in Aave’s native token.

AAVE fell nearly 20% in just over 24 hours, dropping from around $112 to below $90 as investor confidence weakened.

Large Players Exit Positions

Major withdrawals came from institutional players and crypto whales.

MEXC reportedly withdrew around $431 million, while Abraxas Capital pulled approximately $392 million from the protocol, accelerating the liquidity drain.

Emergency Measures and Market Freezes

In response, Aave froze several markets tied to rsETH and wrapped Ether across multiple networks to prevent further risk.

The protocol also confirmed that rsETH on Ethereum remains fully backed, attempting to reassure users amid the turmoil.

Meanwhile, other platforms connected to rsETH or the affected bridge, including Curve Finance, Ethena, and BitGo’s Wrapped Bitcoin, paused related operations as a precaution.

Stress Test for Aave’s Security Model

The event marks a major test for Aave’s “Umbrella” risk management system, introduced in 2025 to protect against bad debt through automated mechanisms.

While Aave maintains that its overcollateralization and liquidation systems help shield lenders, the incident shows how external exploits can still create systemic pressure.

DeFi Interconnectedness Under Scrutiny

The Aave crisis highlights the growing complexity of DeFi, where protocols are deeply interconnected.

A vulnerability in one platform can quickly cascade across others, amplifying risk and triggering liquidity shocks.

As the ecosystem continues to evolve, improving security and risk isolation will remain critical for maintaining user confidence.