Polymarket to Refund Users After Hackers Steal $2.94M

Polymarket, the world’s largest prediction market, said a compromised third-party service injected malicious code into its frontend, allowing attackers to steal roughly $2.94 million from fewer than 15 users. The company said it will fully reimburse all victims.

Malicious Script Targeted PUSD Wallets on Polygon

In a statement posted on X, Polymarket said it discovered that “a 3rd party vendor had been compromised,” allowing a malicious script to be injected into its frontend for some users.

The incident appears to have been a frontend supply-chain attack rather than a smart contract exploit, with users tricked into signing malicious transactions through the compromised interface.

Polymarket did not identify the compromised vendor or disclose how many users were affected.

Nearly $3 Million Bridged to Ethereum

Blockchain security firm PeckShield cited findings from on-chain investigator Specter, reporting that the phishing campaign drained roughly $2.94 million worth of PUSD from Polymarket users.

According to PeckShield, the attacker bridged the stolen assets from Polygon to Ethereum before swapping them for roughly 1,893 ETH.

Polymarket said there is no evidence its core smart contracts or protocol-held funds were compromised. The attack appears to have relied on deceiving users into authorizing malicious transactions through the altered frontend.

A Rough Week for Polymarket

The incident comes days after a Wall Street Journal report alleged Polymarket paid online creators to publish misleading promotional videos showing fabricated bets and winnings. The company subsequently announced an audit of its marketing content.

Last month, a company-controlled wallet used for employee top-ups and user rewards lost roughly $700,000 after a private key was compromised. Polymarket said user funds were unaffected.

Why This Matters

The incident highlights the growing threat of supply-chain attacks in crypto, where attackers target third-party software providers rather than blockchain protocols themselves. Even platforms with secure smart contracts can expose users to losses if their web interfaces are compromised.
