short
- Hackers took advantage of a compromised third-party vendor to steal around $3 million from a few Polymarket users.
- Polymarket says the issue has been resolved and affected users will be fully compensated.
- This represents the second security incident for the platform within two months.
One of Polymarket’s third-party sellers was hacked on Thursday, leaving its website vulnerable to an exploit that analysts said resulted in millions of dollars in losses for the platform’s users, the prediction market said.
Polymarket declined to comment when contacted DecryptionIt has not publicly stated which of its vendors were at risk. The company said in a statement that the attack allowed hackers to insert malicious code into the front-end of the prediction market Share X.
Ultimately, the hackers stole about $3 million worth of customer funds.
On-chain investigators at Bubblemaps concluded that the potential damage from the hack was largely contained, with fewer than 15 user accounts affected. The blockchain investigations company did not immediately respond DecryptionRequest for comment.
Polymarket said it is in the process of fully refunding affected customers, and the front-end issue has been contained and eliminated.
It’s not yet clear what steps the prediction market platform can take to prevent such exploitation from occurring in the future, since it relies on some third-party companies that appear to be directly involved in running the site.
The attackers appear to have drained funds from Polymarket customers’ wallets containing pUSD, Polymarket’s dollar-pegged stablecoin and backed by… US dollarswhich is used to facilitate all trading operations on the platform. They then converted the stolen funds into ETH, and pooled them into Ethereum walletwhere, as of this writing, they still exist.
Last month, Polymarket suffered another problem hackfrom the wallet used by company employees to top up and pay out user rewards. This vulnerability cost the company approximately $700,000, and was likely caused by a private key hack. Experts said at the time that the matter did not appear to affect the company’s infrastructure or pose broader risks.
However, both this exploit and today’s exploit point to the ability of hackers to infiltrate major companies on the sidelines, even when the underlying protocols remain secure.
Daily debriefing Newsletter
Start each day with the latest news, plus original features, podcasts, videos and more.
