
Polymarket, the world’s largest prediction market, said a compromised third-party service injected malicious code into its frontend, allowing attackers to steal roughly $2.94 million from fewer than 15 users. The company said it will fully reimburse all victims.
Malicious Script Targeted PUSD Wallets on Polygon
In a statement posted on X, Polymarket said it discovered that “a 3rd party vendor had been compromised,” allowing a malicious script to be injected into its frontend for some users.
The incident appears to have been a frontend supply-chain attack rather than a smart contract exploit, with users tricked into signing malicious transactions through the compromised interface.
Polymarket did not identify the compromised vendor or disclose how many users were affected.
Nearly $3 Million Bridged to Ethereum
Blockchain security firm PeckShield cited findings from on-chain investigator Specter, reporting that the phishing campaign drained roughly $2.94 million worth of PUSD from Polymarket users.
According to PeckShield, the attacker bridged the stolen assets from Polygon to Ethereum before swapping them for roughly 1,893 ETH.
Polymarket said there is no evidence its core smart contracts or protocol-held funds were compromised. The attack appears to have relied on deceiving users into authorizing malicious transactions through the altered frontend.
A Rough Week for Polymarket
The incident comes days after a Wall Street Journal report alleged Polymarket paid online creators to publish misleading promotional videos showing fabricated bets and winnings. The company subsequently announced an audit of its marketing content.
Last month, a company-controlled wallet used for employee top-ups and user rewards lost roughly $700,000 after a private key was compromised. Polymarket said user funds were unaffected.
Why This Matters
The incident highlights the growing threat of supply-chain attacks in crypto, where attackers target third-party software providers rather than blockchain protocols themselves. Even platforms with secure smart contracts can expose users to losses if their web interfaces are compromised.