Son Dakika
FRMort de Jean Pormanove en direct : les premières conclusions de l’autopsie excluent « l’intervention d’un tiers »RUПассажирский самолет TezJet совершил аварийную посадку в БишкекеFRDécision de la cour d'appel de Paris pour Marine Le Pen dans l'affaire des assistants parlementairesCN广西南宁横州市因台风“美莎克”强降雨致4死8失联INLandslide in Wayanad, Kerala: Two Dead, Seven Missing Near Tunnel ProjectCN西江2026年第2号洪水来势汹汹 广东积极应对CN海口海关上半年签发中国-东盟自贸协定原产地证书数量及货值均大幅增长INUAE Revokes Horizon University College's License Over Severe ViolationsCN江啟臣支持盧秀燕對中聯等三業者開罰RUЛавров: милитаризация НАТО закончится поражениемFRMort de Jean Pormanove en direct : les premières conclusions de l’autopsie excluent « l’intervention d’un tiers »RUПассажирский самолет TezJet совершил аварийную посадку в БишкекеFRDécision de la cour d'appel de Paris pour Marine Le Pen dans l'affaire des assistants parlementairesCN广西南宁横州市因台风“美莎克”强降雨致4死8失联INLandslide in Wayanad, Kerala: Two Dead, Seven Missing Near Tunnel ProjectCN西江2026年第2号洪水来势汹汹 广东积极应对CN海口海关上半年签发中国-东盟自贸协定原产地证书数量及货值均大幅增长INUAE Revokes Horizon University College's License Over Severe ViolationsCN江啟臣支持盧秀燕對中聯等三業者開罰RUЛавров: милитаризация НАТО закончится поражением
Newsgather
GeriPolymarket hit by $2.94M phishing attack via third-party vendor compromise
Polymarket hit by $2.94M phishing attack via third-party vendor compromise
SON DAKİKA
Cointelegraph26.06.2026Crypto2 dk okuma

Polymarket hit by $2.94M phishing attack via third-party vendor compromise

Hızlı Bakış

  • Polymarket suffered a $2.94 million phishing attack affecting at least 11 user wallets due to a malicious script injected via a third-party vendor compromise.
  • The prediction market platform has contained the issue, removed the dependency, and promised full refunds to affected users.

Yapay zekâ özeti

Neden Önemli?

This incident follows a separate $600,000 exploit on Polymarket about a month prior, which was traced to a six-year-old private key used for internal top-up operations. The current attack is the 89th reported crypto security breach of Q2, extending the most-hacked quarter on record.

Yazı boyutu

A third-party vendor compromise discovered Thursday allowed attackers to inject a malicious script into Polymarket's frontend, affecting multiple users.

Blockchain analyst Specter said the malicious script appeared to facilitate a phishing attack that drained an estimated $2.94 million from at least 11 Polymarket user wallets.

Polymarket said on X that the compromise has been contained and that the affected dependency has been removed. It added that users would be fully refunded.

Cointelegraph has approached Polymarket for comment but did not receive a response before publication.

The attack was the 89th reported crypto security breach of the second quarter, according to DefiLlama data, extending the most-hacked quarter on record by incident count.

Crypto exploit losses reached $74.9 million across 29 reported incidents in June, surpassing May’s $60.5 million total but remaining far below April’s $644 million, according to DefiLlama data.

The largest June incidents included the $36 million Humanity Protocol exploit, the $4.7 million Secret Network bridge exploit, two separate Aztec exploits worth $2.1 million each and a $1.7 million bridge exploit on Taiko.

Over the past 30 days, private key compromises accounted for 43% of reported exploit losses, making them the leading attack vector, according to DefiLlama. Fake proof exploits accounted for 10%, followed by reverse MEV honeypots at 8%, which present deceptive trading opportunities to lure and manipulate automated trading bots.

About a month before Polymarket's latest attack, the prediction market disclosed a separate $600,000 exploit that was traced to a six-year-old private key used for internal top-up operations. Josh Stevens, Polymarket's vice president of engineering, said the platform's contracts and user funds remained safe and that all permissions tied to the key had since been revoked.

Polymarket currently holds over $450 million in total value locked, up 301% from $112 million a year ago, according to DefiLlama.

Bundan Sonra Ne Olabilir?

Yapay zekâ öngörüsü — kesinlik taşımaz

  • Polymarket will fully refund all affected users.

    Çok muhtemel · Günler içinde

Açık Sorular

  • How was the third-party vendor compromised?
  • What was the specific nature of the 'affected dependency'?
  • What measures will Polymarket take to prevent future vendor compromises?

İlgili Konular

Bu haber ilk olarak şurada yayınlandı: Cointelegraph.

İlgili Haberler

Bu konuda daha fazlapolymarket