Polymarket hack may have drained close to $3 million from user wallets

FACEPALM: Polymarket users are used to betting on bad outcomes. This time, some of them were on the receiving end after hackers compromised a third-party vendor and used a malicious frontend script to drain funds from wallets.

The prediction market platform said the incident took place on Thursday morning and affected a "small number of users."

Polymarket said it had "contained & removed the affected dependency," adding that it would refund impacted users in full.

The company hasn't said which vendor was compromised, how long the malicious code was active, or exactly how many users were hit. It hasn't confirmed the total amount stolen, either.

PeckShield warned around the same time that a phishing campaign appeared to be targeting Polymarket users. Other investigators put the damage at close to $3 million, with Specter claiming that funds were drained from at least 11 victim wallets holding PUSD, Polymarket's stablecoin used for trading on the platform. The stolen assets were reportedly swapped for Ethereum and consolidated into a single wallet.