Third-Party Breach at Polymarket Leads to $2.94M Crypto Theft

Polymarket confirmed that a security breach at a third-party vendor allowed attackers to inject malicious code into its website, leading to the theft of funds from an undisclosed number of users, Security Affairs reported on June 26. The company said it has contained the incident and is contacting affected customers. It announced it will fully reimburse user losses, but technical details of the attack have not yet been disclosed. The attack first came to light when blockchain security researcher Specter spotted a phishing campaign that drained more than 11 Polymarket wallets holding PUSD. Experts estimated losses of $2.94 million and reported the attacker moved the stolen funds from Polygon to Ethereum and converted them into 1,893 ETH. Polymarket confirmed hackers stole funds from some users after attackers injected malicious code through a compromised third-party vendor.