
Polymarket confirmed that a security breach at a third-party vendor allowed attackers to inject malicious code into its website, leading to the theft of funds from an undisclosed number of users.
The company said it has contained the incident and is contacting affected customers. The firm announced it will fully reimburse user losses; however, the technical details of the attack have not yet been disclosed.
This morning we discovered a 3rd party vendor had been compromised, injecting a malicious script into our frontend for some users. We've contained it & removed the affected dependency. We're contacting impacted users & refunding them in full.
— Polymarket Traders (@PolymarketTrade) June 25, 2026
The attack first came to light when blockchain security researcher Specter spotted a phishing campaign that drained more than 11 Polymarket wallets holding PUSD.
It appears there may be a phishing attack targeting Polymarket users, with estimated losses of $2.94M so far.
The attacker has drained funds from 11+ victim wallets holding PUSD, swapped the stolen assets for ETH, and consolidated the proceeds into the following address:…
— Specter (@SpecterAnalyst) June 25, 2026
The experts estimated losses at $2.94 million and reported that the attacker moved the stolen funds from Polygon to Ethereum and converted them into 1,893 ETH.
Earlier this week, Polymarket said it would review its promotional content after an investigation found it had paid creators to post fake videos showing fabricated betting wins.