Polymarket Suffers Third-Party Vendor Exploit, Around $3 Million Stolen, Platform Vows Full Reimbursement

BlockBeats News, June 26, Polymarket, a prediction market platform, revealed on Thursday that one of its third-party suppliers was hacked. The attacker injected malicious code into the platform's frontend, stealing about $3 million worth of pUSD (Polymarket's native stablecoin) from fewer than 15 user accounts. The attacker then converted the funds to ETH and transferred them to an Ethereum wallet, with the funds remaining unmoved at the time of writing.

Polymarket stated that the frontend vulnerability has been identified and fixed. The affected users will be fully compensated but refused to disclose the specific supplier that was compromised.

This is the second security incident at Polymarket in two months. Last month, hackers exploited a private key leak to attack the wallet used internally by the company for recharging and distributing user rewards, resulting in a loss of about $700,000. Both incidents were peripheral penetrations, with the core protocol unaffected. However, the successive security vulnerabilities have highlighted the potential risks associated with the platform's reliance on third-party suppliers.

Polymarket was recently embroiled in controversy following an investigation by The Wall Street Journal, which alleged that it violated regulations by unlawfully marketing to U.S. users through simulated trading and fake profit videos. This security incident has once again put pressure on the platform.