Decentralized prediction market Polymarket has promised to fully refund users affected by a hacker attack that came to light this week.
Polymarket is a cryptocurrency-based prediction market platform that enables users to trade on the likely outcomes of real-world events ranging from elections and economic indicators to sports and cultural happenings.
The company has shared little information about the incident.
“This morning we discovered a 3rd party vendor had been compromised, injecting a malicious script into our frontend for some users. We’ve contained it & removed the affected dependency,” Polymarket said in a Thursday post on X.
It noted that impacted users will be contacted and fully refunded, but it did not clarify how many users were affected and how much cryptocurrency was stolen.
Blockchain security company PeckShield reported that roughly $3 million worth of pUSD, Polymarket’s USDC-backed trading currency, was stolen via a phishing campaign.
“The attacker bridged the stolen funds from Polygon to Ethereum and swapped them into ~1,893 ETH,” PeckShield said.
A blockchain analyst confirmed that the losses total nearly $3 million, with funds stolen from at least 11 victims. It’s unclear who is behind the attack.
SecurityWeek has reached out to Polymarket for confirmation of the amount stolen and the number of impacted users. This article will be updated if the company responds.
UPDATE: Polymarket told SecurityWeek it has no further comment beyond its post on X at this time.
Related: $290 Million Kelp DAO Crypto Heist Blamed on North Korea
Related: CryptoBandits Malware Doubles as a Backdoor, Abuses Tor
Related: Dozens of Malicious Crypto Apps Land in Apple App Store
Related: International Operation Targets Multimillion-Dollar Crypto Theft Schemes
