Polymarket Hit by Cyberattack, Millions in Crypto Stolen
The popular prediction market platform, Polymarket, has been the target of a significant cyberattack, resulting in the loss of approximately $3 million in cryptocurrency. The platform confirmed the incident, stating that the breach occurred through a compromised third-party vendor dependency.
How the Attack Unfolded
In a statement released on X, Polymarket explained that the attackers injected a malicious script into its frontend, impacting some users. The company has since taken steps to contain the incident and has removed the compromised dependency. However, Polymarket has not disclosed the identity of the third-party vendor involved or the specific dependency that was exploited.
Victims to Be Fully Refunded
Polymarket is actively contacting all affected users and has pledged to refund them in full. While the exact number of individuals impacted has not been officially stated, analysis from blockchain monitoring firms suggests that around 11 users may have lost funds.
Community Reactions and Potential Leads
The news of the breach has drawn sharp reactions from the online community. Many users expressed a lack of surprise, with some suggesting the platform had previously provoked potential attackers. One victim shared a theory on X, speculating that the compromise might have originated from a Virtual Private Server (VPS) provided by Xorek Cloud, as they had recently used a VPS from the provider and stored their private key on it.
Broader Implications for Third-Party Security
This incident highlights the persistent risks associated with third-party vendor dependencies in the digital landscape. Even platforms with robust security measures can be vulnerable if their supply chain is compromised. Polymarket’s swift action to refund victims demonstrates a commitment to mitigating the damage, but the event serves as a stark reminder of the evolving threat landscape for cryptocurrency-based platforms.
