Polymarket to reimburse users after third-party compromise triggers $3M phishing attack

ambcryptoPublicado a 2026-06-25Actualizado a 2026-06-25

Resumen

Prediction market platform Polymarket will fully reimburse users after a security breach on June 25. A compromised third-party vendor injected malicious code into Polymarket's frontend, leading to a phishing attack that targeted users interacting with the platform during a specific window. Blockchain security firm PeckShield estimates the attack drained approximately $3 million in PUSD from over 11 wallets. The stolen funds were bridged from Polygon to Ethereum and converted into roughly 1,893 ETH. Polymarket has contained the incident, removed the affected dependency, and is contacting impacted users for full refunds. The platform's underlying smart contracts were not compromised. No detailed postmortem or reimbursement timeline has been provided.

Prediction market platform Polymarket says it will fully reimburse affected users after a compromised third-party vendor injected malicious code into its frontend. This exposed some users to a phishing attack that blockchain security researchers estimate drained nearly $3 million.

In a statement published on June 25, Polymarket said it discovered the compromised vendor earlier in the day, removed the affected dependency, and contained the incident. The company added that it is contacting impacted users and will refund them in full.

The incident appears to have affected only users who interacted with the compromised frontend during the attack window rather than the platform’s underlying smart contracts.

Third-party compromise injected malicious script

According to Polymarket, the attack originated from a compromised third-party vendor that injected a malicious script into parts of the platform’s frontend.

The company said it has since removed the affected dependency and contained the incident. However, it has not disclosed the identity of the compromised vendor or released a detailed technical postmortem.

The platform emphasized that it is working directly with affected users while continuing its investigation.

Security firms estimate nearly $3M in losses

Blockchain security firm PeckShield reported that the incident appeared to be a phishing campaign targeting Polymarket users.

According to their findings, attackers drained approximately $3 million worth of PUSD from more than 11 victim wallets before bridging the stolen funds from Polygon to Ethereum.

The researchers said the attacker subsequently exchanged the proceeds for roughly 1,893 ETH, consolidating the assets into a monitored Ethereum address.

Polymarket has not publicly confirmed the estimated losses or the number of affected wallets.

Platform promises full reimbursement

Unlike many phishing incidents that leave users responsible for losses, Polymarket said it intends to reimburse everyone affected by the attack.

The company said it is contacting impacted users directly while continuing to investigate the compromise.

No timeline has been provided for either the reimbursement process or the publication of a full incident report.

Final Summary

Polymarket says a compromised third-party vendor injected malicious code into its frontend and has pledged to reimburse affected users.
Security researchers estimate the phishing campaign stole roughly $3 million before the funds were bridged to Ethereum and converted into ETH.

Preguntas relacionadas

QWhat was the cause of the phishing attack on Polymarket users?

AThe attack was caused by a compromised third-party vendor that injected a malicious script into parts of Polymarket's frontend.

QHow much money did the attackers steal according to blockchain security researchers?

AAccording to blockchain security researchers, the attackers stole approximately $3 million worth of PUSD.

QWhat action did Polymarket take after discovering the compromised vendor?

AAfter discovering the compromised vendor, Polymarket removed the affected dependency, contained the incident, and pledged to fully reimburse affected users.

QDid the incident affect the platform's underlying smart contracts?

ANo, the incident appears to have affected only users who interacted with the compromised frontend during the attack window, not the platform's underlying smart contracts.

QWhat did the attackers do with the stolen funds after the phishing attack?

AThe attackers bridged the stolen funds from Polygon to Ethereum and exchanged the proceeds for roughly 1,893 ETH, consolidating the assets into a monitored Ethereum address.

Lecturas Relacionadas

Top 6 presales of June 2026

This article introduces presales as a key fundraising method in crypto, where projects sell tokens to early investors before public launch. It then lists the top 6 presales for June 2026. Nexchain (#1) is an AI-built blockchain ecosystem with a native token, $NEX. Mirex (#2) tokenizes real-world assets on its MRX-20 blockchain, with $MRX as its utility token. Flozy (#3) is a community-driven memecoin ($FLZY) on Base with staking rewards. SurgeXRP (#4) is a tokenized real estate platform using $SGP for fractional property ownership. Blockchain FX (#5) is a licensed hybrid crypto exchange in its final presale stage. Poly Truth (#6) is an AI analytics platform for prediction markets, with $PTRUE as its native token. The article concludes by reminding readers of the importance of personal research before investing in any presale.

ambcryptoHace 45 min(s)

ambcryptoHace 45 min(s)

Bitcoin’s cycle is ‘evolving, but not broken’ – Inside 21Shares’ analysis

21Shares' latest "State of Crypto" report argues that Bitcoin's traditional four-year market cycle is "evolving, but not broken." Despite many analysts believing the cycle ended in early 2026, Bitcoin's price action continues to mirror historical post-halving patterns. After peaking near $126,000 in October 2025, BTC entered a correction, but the current ~50% drawdown is less severe than the 80-90% declines of past bear markets. Crucially, the price has remained above its aggregate cost basis of $54,000, avoiding the outright capitulation typical of cycle bottoms. The report notes that stronger fundamentals do not make Bitcoin immune to cycles, as sentiment is still tied to macroeconomic conditions. It projects a potential recovery toward $100,000 by end-2026. However, ETF markets show stress with recent outflows, and the LTH/STH SOPR ratio falling to ~0.7 indicates selling pressure is primarily from short-term holders. Additionally, negative gamma exposure for market makers below $68,000-$70,000 suggests elevated volatility ahead. In summary, while the cycle persists, its characteristics, including shallower declines and persistent institutional backing, are changing.

ambcryptoHace 1 hora(s)

Bitcoin’s cycle is ‘evolving, but not broken’ – Inside 21Shares’ analysis

ambcryptoHace 1 hora(s)

XRP Weekly RSI Flashes Oversold Signal As Traders Watch $1.10 Support

XRP has moved into a deeply oversold technical setup, with its weekly Relative Strength Index (RSI) reaching levels comparable to prior cycle lows. Traders are closely monitoring the $1.10 price region as a key support level. The current technical signal highlights a critical decision point for XRP, indicating that the next price action around this support could significantly influence near-term trader sentiment. However, the article cautions that the oversold RSI reading alone does not guarantee a price reversal. The outcome will depend on whether buyers defend the support level and if the broader cryptocurrency market, particularly Bitcoin, shows signs of stabilization. The situation underscores XRP's sensitivity to a mix of technical factors, regulatory news, and overall market liquidity conditions.

bitcoinistHace 1 hora(s)

XRP Weekly RSI Flashes Oversold Signal As Traders Watch $1.10 Support

bitcoinistHace 1 hora(s)

Solstice and Tensorx to Buy $1 Billion in AI Infrastructure to Support EU Sovereign AI Demand

Solstice and TensorX have announced a partnership to finance up to $1 billion in European sovereign AI infrastructure, including AI hardware and data-center build-out to meet EU demand for localized compute. TensorX operates a fleet of NVIDIA GPUs in EU data centers with strict data residency. Solstice, an onchain settlement protocol, will provide the financing and launch a new yield-bearing asset called aiUSX. This asset allows companies to deploy capital earmarked for future AI inference costs into infrastructure lending, generating yield while keeping funds liquid. Initially capped at $5 million, aiUSX aims to help companies offset rising AI expenses. Both companies are part of the Deus X Capital ecosystem.

TheNewsCryptoHace 2 hora(s)

Solstice and Tensorx to Buy $1 Billion in AI Infrastructure to Support EU Sovereign AI Demand

TheNewsCryptoHace 2 hora(s)

AAVE price jumps 15% – Can $40.69M in protocol fees sustain the breakout?

AAVE price jumped over 15%, breaking a key resistance level after weeks of consolidation. The rally coincides with strong protocol fundamentals, as Aave generated over $40.69M in fees in the past 30 days, capturing more than 50% of the decentralized lending sector's fees. Network activity is growing, with USDT deposits on its Ethereum Core market nearing $3 billion, indicating deeper liquidity. Whale accumulation at current prices and a bullish long-term price forecast from Standard Chartered have also boosted optimism. The key challenge is whether buyers can hold the broken resistance as support to sustain the breakout momentum.

ambcryptoHace 2 hora(s)

AAVE price jumps 15% – Can $40.69M in protocol fees sustain the breakout?

ambcryptoHace 2 hora(s)

Trading

Spot

Futuros