MarketPR
A $2.9 million theft hit Polymarket after attackers injected a malicious script into the prediction market platform's frontend, compromising user funds.
Polymarket said it contained the breach and removed the affected software dependency. The platform has committed to refunding affected users.
How the Attack Was Executed

The attack moved through a dependency (a software component embedded in Polymarket's frontend), placing malicious code directly inside the browser-facing layer users interact with.
Rather than targeting Polymarket's underlying on-chain contracts, the attackers chose the interface in front of them, embedding a script that users had no reason to suspect. The result was $2.9 million in stolen funds.