Key facts
- Hackers stole approximately $3 million from Polymarket users.
- The exploit occurred due to a compromised third-party vendor.
- Less than 15 user accounts were affected.
- Polymarket will fully reimburse all affected customers.
- This is the platform's second security incident in two months.
Polymarket is set to refund users after a security exploit, stemming from a compromised third-party vendor, resulted in the theft of approximately $3 million. The attack allowed hackers to inject malicious code into the prediction market's front-end, impacting a small number of user accounts. The stolen funds, primarily in pUSD, were converted to ETH and remain in an Ethereum wallet. Polymarket has stated that the frontend issue has been resolved and all affected customers will be fully reimbursed. This incident follows a previous hack last month where a company wallet was compromised, leading to a loss of roughly $700,000. Despite these breaches, core protocols are reported to remain secure.