Customers of Polymarket, a prediction market platform, collectively lost an estimated $3 million in a supply chain attack that surfaced on June 26, 2026. The compromise originated from a breach at an unnamed third-party vendor, which enabled attackers to inject a malicious script directly into Polymarket's frontend. This client-side attack allowed the unauthorized script to execute within users' browsers as they accessed the legitimate platform, likely facilitating the theft of funds or sensitive user information through web skimming techniques1. Polymarket has publicly stated its intention to fully reimburse all customers impacted by this incident. This event highlights the persistent and growing risk posed by vulnerabilities within software supply chains, where a single weak link in a vendor's security posture can lead to significant financial and reputational damage for downstream organizations and their users. Proactive supply chain risk management and stringent third-party security audits are increasingly indispensable to mitigate such pervasive threats.
Polymarket customers lose $3 million in supply-chain attack
⚡ High Priority
Why This Matters
Polymarket says it will fully reimburse customers who lost an estimated $3 million after hackers injected a malicious script into the platform's frontend following a breach at a.
References
- BleepingComputer. (2026, June 26). Polymarket customers lose $3 million in supply-chain attack. *BleepingComputer*. https://www.bleepingcomputer.com/news/security/polymarket-customers-lose-3-million-in-supply-chain-attack/
Original Source
BleepingComputer
Read original →