Polymarket Customers Lose $3 Million in Supply-Chain Attack
The attack exploited a third-party dependency rather than Polymarket's own infrastructure, a supply-chain vector that leaves even secure platforms vulnerable.
Reporting from 1 sources: GIGAZINE.
Polymarket announced that malicious JavaScript was inserted into its website via a compromised third-party vendor, resulting in approximately $3 million in customer losses. The prediction market service says it will fully compensate affected users. Blockchain analytics firm PeckShield identified the incident as a phishing attack. Fewer than 15 accounts were affected, and Polymarket's own servers were not compromised.
Polymarket disclosed on Monday that malicious JavaScript was injected into its frontend after a third-party vendor was compromised. The script targeted some users, and blockchain analytics firm PeckShield tracked approximately $3 million in stolen Polymarket USD tokens that were then exchanged for Ethereum. Data analytics firm Bubblemaps reported that fewer than 15 accounts were affected. Polymarket said it removed the affected dependencies, resolved the bug, and will fully compensate customers. The company stressed that its own servers and backend infrastructure were not breached.
Synthesized by Yomimono from the 1 cited source below, including Japanese-language reporting where cited, then editorially reviewed before publishing.