AMLBot Puts Polymarket Phishing Toll at $3.1M Across 11 Wallets, Funds Traced to Ethereum - "The Defiant"

Blockchain intelligence firm AMLBot has fixed the total stolen in Thursday's Polymarket supply-chain attack at approximately $3.1 million in PUSD, providing the first forensically confirmed on-chain dollar figure and tracing the stolen assets from Polygon to Ethereum. On-chain investigator Specter, which published the first public alert, identified more than 11 victim wallets.

AMLBot posted the revised tally on Saturday, two days after on-chain investigators first flagged the drain. The figure revises earlier estimates upward and, for the first time, pins both the dollar amount to a single on-chain intelligence source. AMLBot said it continues to monitor affected accounts as the investigation proceeds.

The attack, covered by The Defiant on Thursday, began when a compromised third-party vendor injected malicious JavaScript into Polymarket's website. The code targeted user transactions at the front-end layer; Polymarket's smart contracts on Polygon were untouched. Polymarket confirmed fewer than 15 accounts were affected, consistent with scope described by on-chain security researchers tracking the wallets in real time.

On-chain investigator Specter published the first public alert and identified the attacker's primary consolidation address on Ethereum: `0xe65b1C586757c5510B60F998Eebb14C1eF71E1eD`. PeckShield confirmed the stolen funds were bridged from Polygon to Ethereum and then swapped into roughly 1,893 ETH. Bubblemaps independently counted fewer than 15 affected accounts and estimated $3 million in losses being refunded.