Altcoins News

Story: Polymarket’s $3 Million Frontend Hack Hits 11 Wallets Holding PUSD

By Jean-Luc Maracon

1 / 15

A Third-Party Vendor Did the Damage. The attack vector here wasn't Polymarket's core contracts or its own backend infrastructure.

2 / 15

Second Major Breach in Consecutive Months. What makes this worse is the timing. Last month — not six months ago, not a year ago — Polymarket…

3 / 15

Polymarket got hit. A suspected phishing attack on one of the platform's third-party vendors let hackers inject malicious scripts directly into the prediction market's frontend,…

4 / 15

The breach came to light through an announcement on Polymarket Traders X. Per the post, the compromised dependency has since been removed and the platform says it will fully…

5 / 15

The attack vector here wasn't Polymarket's core contracts or its own backend infrastructure. It was an external vendor — a third-party dependency baked into the frontend.

6 / 15

Specter's analysis pointed to phishing tactics as the likely method used to compromise the vendor in the first place. Once inside, the attackers moved with speed and coordination.

7 / 15

Polymarket said it's reached out for comment but further details from the company are still pending. No additional disclosures have come yet.

8 / 15

Related: $5.1 Million Hits Tornado Cash in 20 Transactions After jaredfromsubway.eth Exploit

9 / 15

Two hacks back to back. That's a rough stretch for any platform.

10 / 15

The crypto space broadly has watched third-party supply chain attacks become more common and more damaging.

11 / 15

Polymarket isn't the only platform that's faced this kind of exposure. Across the industry, projects that rely on external JavaScript libraries, widget providers, or analytics…

12 / 15

The refund commitment from Polymarket matters. For the eleven affected users, getting their funds back is the immediate priority, and the platform moving quickly on that probably…

13 / 15

What Polymarket hasn't done yet — at least publicly — is lay out what changes it's making to how it vets and monitors third-party vendors going forward.

14 / 15

More context: MemeCores M Token Loses 80% in Hours, Wiping Out $3 Billion as Insider Manipulation Fears Grow

15 / 15

The investigation is ongoing. Specter and other on-chain analysts are still tracking the wallet at 0xe65b1C586757c5510B60F998Eebb14C1eF71E1eD.

The Currency Analytics

Want the full story?