$2.9M Stolen in Polymarket Frontend Attack as Users Promised Full Refunds

Polymarket, a prominent prediction market platform, recently revealed that its third-party service provider faced a phishing attack on Thursday. Following the security breach, the prediction market giant confirmed that it will fully reimburse funds for affected users.

As noted by the platform, the attackers injected malicious code into the website. As a result, the hackers were able to steal nearly $2.9 million in user funds.

Polymarket faces frontend exploit, promises refund

According to an X post shared by Wu Blockchain on June 26, the prediction market platform Polymarket has disclosed a significant security breach involving one of its third-party service providers. Reportedly, the compromised third-party vendor enabled attackers to steal about $2.9 million by injecting malicious code into the frontend.

Soon after the security incident on Thursday, Polymarket took to X to reveal it. The X post read,

“This morning we discovered a 3rd party vendor had been compromised, injecting a malicious script into our frontend for some users. We've contained it & removed the affected dependency. We're contacting impacted users & refunding them in full.”

As per the post, Polymarket has promised to refund the affected users. The platform has also confirmed that the frontend issue has been identified and solved. While multiple reporters have reached out to the platform, Polymarket has declined to comment.

Attackers drain pUSD wallets in $2.94M exploit

As per the recent findings, the attackers primarily targeted Polymarket wallets holding pUSD. pUSD is Polymarket’s dollar-pegged stablecoin backed by USDC. It is used for all trading activities on the platform.

Blockchain analytics firm Bubblemaps stated that the Polymarket exploit has affected only 15 users. The hackers swapped the stolen pUSD for ETH and moved them into a single Ethereum wallet. 

Source: Bubblemaps

In addition, Blockchain sleuth Specter unveiled additional wallets connected to the exploit. This indicates that the attacker used multiple addresses during the hack. The addresses, as pointed out by the investigator, include:

• 0xC771A30a7c1aCA828eeEF7B822ac864a64cBaAe2
• 0xC44F2Ca6B30A54d17a62ceF8FAdaF2e8C8632eC4
• 0x10366AdBB5C4101A65C840Da6639546179C5A107
• 0x7BCECe0d8fd92ECCf39Bc35242c6D9aAc0aA75A6

Source: Arkham Intelligence

Will the security challenge continue?

It is worth noting that this is not the first time Polymarket has experienced an exploit. The latest incident follows the platform’s security breach last month, which resulted in a loss of about $700,000. The hackers exploited a wallet used by employees to fund and distribute rewards to users. While the attack was caused by a compromised private key, it didn’t impact the platform’s core infrastructure.

Comparing both incidents, it is clear that the attacks targeted different parts of Polymarket. However, it doesn’t mean that another attack could not be expected. Bad players can still target external systems or operational tools even if the platform’s core protocol remains safe.

While Polymarket has addressed the current issue, it is not clear if the platform has taken sufficient measures to prevent similar attacks in the future. As the platform depends on third-party service providers, it remains vulnerable to future threats.