Polymarket to Refund Users After Scammers Swipe Millions in Website Exploit
Summary
Polymarket said a third-party vendor was hacked, letting attackers inject malicious code into its website’s front end and steal about $3 million from users. The company said the issue has been contained and removed, and it is refunding affected customers in full. On-chain analysts at Bubblemaps said the damage appears limited to fewer than 15 accounts. The stolen funds came from customer wallets holding pUSD, Polymarket’s platform stablecoin, and were converted to ETH and consolidated in an Ethereum wallet. Polymarket did not identify the compromised vendor. The incident follows another recent Polymarket hack that reportedly cost about $700,000, underscoring risks from external dependencies even when core protocols remain secure.
