Polymarket to reimburse users after third-party compromise triggers $3M phishing attack

ambcrypto | Published on 2026-06-25 | Last updated on 2026-06-25

Summary

Prediction market platform Polymarket will fully reimburse users after a security breach on June 25. A compromised third-party vendor injected malicious code into Polymarket's frontend, leading to a phishing attack that targeted users interacting with the platform during a specific window. Blockchain security firm PeckShield estimates the attack drained approximately $3 million in PUSD from over 11 wallets. The stolen funds were bridged from Polygon to Ethereum and converted into roughly 1,893 ETH. Polymarket has contained the incident, removed the affected dependency, and is contacting impacted users for full refunds. The platform's underlying smart contracts were not compromised. No detailed postmortem or reimbursement timeline has been provided.

Prediction market platform Polymarket says it will fully reimburse affected users after a compromised third-party vendor injected malicious code into its frontend. This exposed some users to a phishing attack that blockchain security researchers estimate drained nearly $3 million.

In a statement published on June 25, Polymarket said it discovered the compromised vendor earlier in the day, removed the affected dependency, and contained the incident. The company added that it is contacting impacted users and will refund them in full.

The incident appears to have affected only users who interacted with the compromised frontend during the attack window rather than the platform’s underlying smart contracts.

Third-party compromise injected malicious script

According to Polymarket, the attack originated from a compromised third-party vendor that injected a malicious script into parts of the platform’s frontend.

The company said it has since removed the affected dependency and contained the incident. However, it has not disclosed the identity of the compromised vendor or released a detailed technical postmortem.

The platform emphasized that it is working directly with affected users while continuing its investigation.

Security firms estimate nearly $3M in losses

Blockchain security firm PeckShield reported that the incident appeared to be a phishing campaign targeting Polymarket users.

According to their findings, attackers drained approximately $3 million worth of PUSD from more than 11 victim wallets before bridging the stolen funds from Polygon to Ethereum.

The researchers said the attacker subsequently exchanged the proceeds for roughly 1,893 ETH, consolidating the assets into a monitored Ethereum address.

Polymarket has not publicly confirmed the estimated losses or the number of affected wallets.

Platform promises full reimbursement

Unlike many phishing incidents that leave users responsible for losses, Polymarket said it intends to reimburse everyone affected by the attack.

The company said it is contacting impacted users directly while continuing to investigate the compromise.

No timeline has been provided for either the reimbursement process or the publication of a full incident report.


Final Summary

  • Polymarket says a compromised third-party vendor injected malicious code into its frontend and has pledged to reimburse affected users.
  • Security researchers estimate the phishing campaign stole roughly $3 million before the funds were bridged to Ethereum and converted into ETH.

Related questions

Q: What was the cause of the phishing attack on Polymarket users?

A: The attack was caused by a compromised third-party vendor that injected a malicious script into parts of Polymarket's frontend.

Q: How much money did the attackers steal according to blockchain security researchers?

A: According to blockchain security researchers, the attackers stole approximately $3 million worth of PUSD.

Q: What action did Polymarket take after discovering the compromised vendor?

A: After discovering the compromised vendor, Polymarket removed the affected dependency, contained the incident, and pledged to fully reimburse affected users.

Q: Did the incident affect the platform's underlying smart contracts?

A: No, the incident appears to have affected only users who interacted with the compromised frontend during the attack window, not the platform's underlying smart contracts.

Q: What did the attackers do with the stolen funds after the phishing attack?

A: The attackers bridged the stolen funds from Polygon to Ethereum and exchanged the proceeds for roughly 1,893 ETH, consolidating the assets into a monitored Ethereum address.
