$2.9M Stolen from Polymarket in Frontend Attack, Full Reimbursement Promised

$2.9M Stolen from Polymarket in Frontend Attack, Full Reimbursement Promised

Following the discovery that hackers embedded malicious code into its frontend through a compromised third-party vendor, Polymarket announced it has neutralized the threat and eliminated the vulnerable dependency.

Attackers successfully embedded malicious code into Polymarket's frontend interface through a compromised third-party vendor in an incident that came to light on Thursday, impacting several users of the platform.

According to blockchain analyst Specter, the embedded malicious code enabled a phishing operation that successfully drained approximately $2.94 million from a minimum of 11 user wallets connected to Polymarket.

In a statement posted to X, Polymarket confirmed that the security breach has been successfully contained and that the compromised dependency has been eliminated from their system. The platform further committed to providing complete refunds to all affected users.

Despite outreach efforts, Cointelegraph did not receive a comment from Polymarket prior to publishing this report.

Based on data from DefiLlama, this incident marks the 89th documented crypto security compromise during the second quarter, adding to what is already the most-breached quarter in history when measured by the number of individual incidents.

Polymarket attack details
Source: Specter

Crypto exploit losses reach $74.9M across 29 June incidents

The cryptocurrency sector experienced exploit-related losses totaling $74.9 million throughout 29 documented incidents during June, exceeding the $60.5 million recorded in May while falling significantly short of April's massive $644 million figure, based on DefiLlama data.

Monthly crypto exploit losses
Total value hacked by monthly sum, 1-year chart. Source: DefiLlama.

Notable security breaches during June encompassed the $36 million Humanity Protocol compromise, the $4.7 million exploit targeting the Secret Network bridge, a pair of Aztec exploits each resulting in $2.1 million in losses, and a bridge vulnerability on Taiko leading to $1.7 million in theft.

According to DefiLlama's analysis of the previous 30-day period, compromises involving private keys represented 43% of all documented exploit losses, establishing them as the predominant attack methodology. Exploits utilizing fake proofs comprised 10% of losses, with reverse MEV honeypots contributing 8%, a technique that creates misleading trading scenarios designed to trap and exploit automated trading algorithms.

Approximately one month prior to this most recent security incident, Polymarket revealed a distinct $600,000 exploit linked to a six-year-old private key that had been utilized for internal top-up functions. Josh Stevens, Polymarket's vice president of engineering, clarified that the platform's smart contracts and user funds remained secure and that all access permissions associated with the compromised key had been subsequently revoked.

Exploit techniques breakdown
Total value hacked by technique over the past 30 days. Source: DefiLlama

DefiLlama data indicates that Polymarket presently maintains more than $450 million in total value locked, representing a 301% increase compared to the $112 million recorded one year earlier.

← Torna al blog