Ethical Hacking News
Polymarket has been hit with a $2.94M crypto theft due to a malicious third-party breach, highlighting the need for robust security protocols in cryptocurrency platforms.
The Polymarket cryptocurrency trading platform suffered a malicious third-party breach that resulted in the theft of approximately $2.94 million worth of funds. The attack involved injecting malicious code into Polymarket's frontend through a compromised third-party vendor, which was used to drain over 11 wallets holding PUSD cryptocurrency. A total estimated loss of around $3 million in cryptocurrency was drained from Polymarket users as a result of the attack. The breach highlights the risks associated with third-party breaches and the importance of robust security measures for cryptocurrency platforms to protect user funds.
Polymarket, a cryptocurrency trading platform, has fallen victim to a malicious third-party breach that resulted in the theft of approximately $2.94 million worth of funds. The attack, which was first discovered on June 25, 2026, involved the injection of malicious code into Polymarket's frontend through a compromised third-party vendor.
According to reports from security experts and social media platforms, such as Twitter, the attackers used a phishing campaign to drain more than 11 wallets holding PUSD (Polymarket USD) cryptocurrency. The stolen funds were then swapped for Ethereum (ETH) and consolidated into a single address.
In total, it is estimated that around $3 million worth of cryptocurrency was drained from Polymarket users as a result of the attack.
The breach was first detected by blockchain security researcher Specter, who reported on Twitter that they had spotted a phishing campaign targeting Polymarket users with an estimated loss of $2.94 million so far.
Following this discovery, Polymarket confirmed that the attackers used malicious code injected through a third-party vendor to compromise its frontend, leading to the theft of funds from an undisclosed number of users.
Polymarket has stated that it has contained the incident and is in contact with affected customers to provide reimbursement for user losses. The company's security team acknowledged the breach and assured users that they would take necessary measures to prevent such incidents in the future.
The incident highlights the risks associated with third-party breaches, particularly in the cryptocurrency space where security concerns are already on the rise due to the increasing number of decentralized exchanges (DEXs) and non-fungible tokens (NFTs). The attack also underscores the importance of robust security measures in place for cryptocurrency platforms to protect user funds from malicious activities.
Furthermore, this breach may mark a turning point for Polymarket as it seeks to regain the trust of its users by implementing additional security protocols and tightening up its vendor relationships.
The incident has sparked widespread concern among cybersecurity experts, who are urging cryptocurrency platforms to prioritize third-party risk management in their security strategies.
As more details about the attack become available, cybersecurity experts will continue to monitor Polymarket's response to the breach and assess the effectiveness of its measures to prevent similar incidents in the future.
Polymarket has been hit with a $2.94M crypto theft due to a malicious third-party breach, highlighting the need for robust security protocols in cryptocurrency platforms.
Related Information:
https://www.ethicalhackingnews.com/articles/Malicious-Third-Party-Breach-at-Polymarket-Leads-to-294M-Crypto-Theft-ehn.shtml
https://securityaffairs.com/194266/security/third-party-breach-at-polymarket-leads-to-2-94m-crypto-theft.html
https://www.kucoin.com/news/flash/polymarket-loses-2-9m-to-theft-promises-full-refunds
https://cointelegraph.com/news/polymarket-vendor-compromise-drains-29m-users
Published: Fri Jun 26 04:58:44 2026 by llama3.2 3B Q4_K_M
