Polymarket to reimburse users after third-party compromise triggers $3M phishing attack

ambcrypto2026-06-25 tarihinde yayınlandı2026-06-25 tarihinde güncellendi

Özet

Prediction market platform Polymarket will fully reimburse users after a security breach on June 25. A compromised third-party vendor injected malicious code into Polymarket's frontend, leading to a phishing attack that targeted users interacting with the platform during a specific window. Blockchain security firm PeckShield estimates the attack drained approximately $3 million in PUSD from over 11 wallets. The stolen funds were bridged from Polygon to Ethereum and converted into roughly 1,893 ETH. Polymarket has contained the incident, removed the affected dependency, and is contacting impacted users for full refunds. The platform's underlying smart contracts were not compromised. No detailed postmortem or reimbursement timeline has been provided.

Prediction market platform Polymarket says it will fully reimburse affected users after a compromised third-party vendor injected malicious code into its frontend. This exposed some users to a phishing attack that blockchain security researchers estimate drained nearly $3 million.

In a statement published on June 25, Polymarket said it discovered the compromised vendor earlier in the day, removed the affected dependency, and contained the incident. The company added that it is contacting impacted users and will refund them in full.

The incident appears to have affected only users who interacted with the compromised frontend during the attack window rather than the platform’s underlying smart contracts.

Third-party compromise injected malicious script

According to Polymarket, the attack originated from a compromised third-party vendor that injected a malicious script into parts of the platform’s frontend.

The company said it has since removed the affected dependency and contained the incident. However, it has not disclosed the identity of the compromised vendor or released a detailed technical postmortem.

The platform emphasized that it is working directly with affected users while continuing its investigation.

Security firms estimate nearly $3M in losses

Blockchain security firm PeckShield reported that the incident appeared to be a phishing campaign targeting Polymarket users.

According to their findings, attackers drained approximately $3 million worth of PUSD from more than 11 victim wallets before bridging the stolen funds from Polygon to Ethereum.

The researchers said the attacker subsequently exchanged the proceeds for roughly 1,893 ETH, consolidating the assets into a monitored Ethereum address.

Polymarket has not publicly confirmed the estimated losses or the number of affected wallets.

Platform promises full reimbursement

Unlike many phishing incidents that leave users responsible for losses, Polymarket said it intends to reimburse everyone affected by the attack.

The company said it is contacting impacted users directly while continuing to investigate the compromise.

No timeline has been provided for either the reimbursement process or the publication of a full incident report.

Final Summary

Polymarket says a compromised third-party vendor injected malicious code into its frontend and has pledged to reimburse affected users.
Security researchers estimate the phishing campaign stole roughly $3 million before the funds were bridged to Ethereum and converted into ETH.

İlgili Sorular

QWhat was the cause of the phishing attack on Polymarket users?

AThe attack was caused by a compromised third-party vendor that injected a malicious script into parts of Polymarket's frontend.

QHow much money did the attackers steal according to blockchain security researchers?

AAccording to blockchain security researchers, the attackers stole approximately $3 million worth of PUSD.

QWhat action did Polymarket take after discovering the compromised vendor?

AAfter discovering the compromised vendor, Polymarket removed the affected dependency, contained the incident, and pledged to fully reimburse affected users.

QDid the incident affect the platform's underlying smart contracts?

ANo, the incident appears to have affected only users who interacted with the compromised frontend during the attack window, not the platform's underlying smart contracts.

QWhat did the attackers do with the stolen funds after the phishing attack?

AThe attackers bridged the stolen funds from Polygon to Ethereum and exchanged the proceeds for roughly 1,893 ETH, consolidating the assets into a monitored Ethereum address.

İlgili Okumalar

Bitcoin’s fall to $60K changes things, but what does the data say?

Bitcoin (BTC) has fallen below the $60,000 mark, trading around $59.5K after failing to hold the $63K support zone. Despite the price decline, exchange netflows remain positive, indicating continued BTC inflows which could signal readiness to sell, hedge, or trade. Open Interest (OI) has dropped significantly from its 2025 peak to approximately $20.6 billion, suggesting reduced leverage and a less crowded market, potentially lowering the risk of large, liquidation-driven moves. Notably, trading volume spikes, often signaling key turning points, have recently been more driven by derivatives activity than traditional spot market movements. While this indicates large players, including ETFs, are still active, it raises the question of whether significant volume will return while Bitcoin remains in an uncertain range. The market's next direction is likely to be influenced by spot flows, ETF activity, and derivatives positioning around the current $59K-$60K zone.

ambcrypto32 dk önce

Bitcoin’s fall to $60K changes things, but what does the data say?

ambcrypto32 dk önce

Senator Lummis Pushes For CLARITY Act Vote Before Recess

Senator Cynthia Lummis is advocating for a Senate vote on the CLARITY Act before the upcoming recess, highlighting its continued importance for U.S. crypto market-structure legislation. The bill aims to provide clear regulatory frameworks, distinguishing how digital assets are classified and overseen by agencies like the SEC and CFTC. Its advancement is seen as crucial for reducing industry uncertainty, potentially encouraging institutional investment by clarifying legal treatment and compliance requirements. Market observers view progress on this legislation as a key indicator of whether U.S. crypto policy can transition from debate to established law, impacting exchanges, custody services, and broader market sentiment. Conversely, further delays could perpetuate a fragmented, enforcement-heavy regulatory environment.

bitcoinist43 dk önce

Senator Lummis Pushes For CLARITY Act Vote Before Recess

bitcoinist43 dk önce

Top 6 presales of June 2026

This article introduces presales as a key fundraising method in crypto, where projects sell tokens to early investors before public launch. It then lists the top 6 presales for June 2026. Nexchain (#1) is an AI-built blockchain ecosystem with a native token, $NEX. Mirex (#2) tokenizes real-world assets on its MRX-20 blockchain, with $MRX as its utility token. Flozy (#3) is a community-driven memecoin ($FLZY) on Base with staking rewards. SurgeXRP (#4) is a tokenized real estate platform using $SGP for fractional property ownership. Blockchain FX (#5) is a licensed hybrid crypto exchange in its final presale stage. Poly Truth (#6) is an AI analytics platform for prediction markets, with $PTRUE as its native token. The article concludes by reminding readers of the importance of personal research before investing in any presale.

ambcrypto2 saat önce

ambcrypto2 saat önce

Bitcoin’s cycle is ‘evolving, but not broken’ – Inside 21Shares’ analysis

21Shares' latest "State of Crypto" report argues that Bitcoin's traditional four-year market cycle is "evolving, but not broken." Despite many analysts believing the cycle ended in early 2026, Bitcoin's price action continues to mirror historical post-halving patterns. After peaking near $126,000 in October 2025, BTC entered a correction, but the current ~50% drawdown is less severe than the 80-90% declines of past bear markets. Crucially, the price has remained above its aggregate cost basis of $54,000, avoiding the outright capitulation typical of cycle bottoms. The report notes that stronger fundamentals do not make Bitcoin immune to cycles, as sentiment is still tied to macroeconomic conditions. It projects a potential recovery toward $100,000 by end-2026. However, ETF markets show stress with recent outflows, and the LTH/STH SOPR ratio falling to ~0.7 indicates selling pressure is primarily from short-term holders. Additionally, negative gamma exposure for market makers below $68,000-$70,000 suggests elevated volatility ahead. In summary, while the cycle persists, its characteristics, including shallower declines and persistent institutional backing, are changing.

ambcrypto2 saat önce

Bitcoin’s cycle is ‘evolving, but not broken’ – Inside 21Shares’ analysis

ambcrypto2 saat önce

XRP Weekly RSI Flashes Oversold Signal As Traders Watch $1.10 Support

XRP has moved into a deeply oversold technical setup, with its weekly Relative Strength Index (RSI) reaching levels comparable to prior cycle lows. Traders are closely monitoring the $1.10 price region as a key support level. The current technical signal highlights a critical decision point for XRP, indicating that the next price action around this support could significantly influence near-term trader sentiment. However, the article cautions that the oversold RSI reading alone does not guarantee a price reversal. The outcome will depend on whether buyers defend the support level and if the broader cryptocurrency market, particularly Bitcoin, shows signs of stabilization. The situation underscores XRP's sensitivity to a mix of technical factors, regulatory news, and overall market liquidity conditions.

bitcoinist2 saat önce

XRP Weekly RSI Flashes Oversold Signal As Traders Watch $1.10 Support

bitcoinist2 saat önce

İşlemler

Spot

Futures