Users of the prediction platform Polymarket fell victim to a phishing campaign in which attackers drained roughly $3 M in the stablecoin PUSD. The incident was reported by the PeckShield Alert team, citing analyst Specter. Polymarket confirmed the breach and said a third-party provider had been compromised.
According to Specter, the stolen funds were moved from Polygon to Ethereum and then converted into about 1,893 ETH. One of the addresses tied to the attack received several transactions totaling more than $2.9 M.
The platform's team said it discovered the compromise of a third-party vendor that morning — the vendor whose code was injecting a malicious script into the frontend for some users. The vulnerable dependency was removed, and the spread of the script was stopped.
Polymarket is reaching out to those affected and has promised to fully reimburse their losses.
Read more:
This post is for informational purposes only and does not constitute advertising or investment advice. Please do your own research before making any decisions.
