Polymarket, the world’s largest prediction market, said a compromised third-party service injected malicious code into its frontend, allowing attackers to steal roughly $2.94 million from fewer than 15 users. The company said it will fully reimburse all victims.
Malicious Script Targeted PUSD Wallets on Polygon
In a statement posted on X, Polymarket said it discovered that “a 3rd party vendor had been compromised,” allowing a malicious script to be injected into its frontend for some users.
The incident appears to have been a frontend supply-chain attack rather than a smart contract exploit, with users tricked into signing malicious transactions through the compromised interface.
Sponsored
Crypto Prediction Markets
18+ · Gambling involves risk. Play responsibly.
Polymarket did not identify the compromised vendor or disclose how many users were affected.
Nearly $3 Million Bridged to Ethereum
Blockchain security firm PeckShield cited findings from on-chain investigator Specter, reporting that the phishing campaign drained roughly $2.94 million worth of PUSD from Polymarket users.
According to PeckShield, the attacker bridged the stolen assets from Polygon to Ethereum before swapping them for roughly 1,893 ETH.
Polymarket said there is no evidence its core smart contracts or protocol-held funds were compromised. The attack appears to have relied on deceiving users into authorizing malicious transactions through the altered frontend.
A Rough Week for Polymarket
The incident comes days after a Wall Street Journal report alleged Polymarket paid online creators to publish misleading promotional videos showing fabricated bets and winnings. The company subsequently announced an audit of its marketing content.
Last month, a company-controlled wallet used for employee top-ups and user rewards lost roughly $700,000 after a private key was compromised. Polymarket said user funds were unaffected.
Why This Matters
The incident highlights the growing threat of supply-chain attacks in crypto, where attackers target third-party software providers rather than blockchain protocols themselves. Even platforms with secure smart contracts can expose users to losses if their web interfaces are compromised.
Discover DailyCoin’s popular crypto news today:
Apple Shock, Rate Hike Fear Weigh on Ethereum: How Far Can ETH Fall?
The CLARITY Act Timeline Just Got a Whole Lot Tighter
DailyCoin’s Vibe Check: Which way are you leaning towards after reading this article?
Be the first to comment