A security breach at a third-party vendor used by Polymarket has resulted in the theft of approximately $2.94 million in cryptocurrency from some of its users. The attackers were able to inject malicious code into Polymarket's website through the compromised vendor, allowing them to steal funds from an undisclosed number of accounts. Polymarket has confirmed that it has contained the incident and is in the process of notifying affected customers, with plans to fully reimburse their losses1. The company has not yet released technical details of the attack, such as the specific vulnerability exploited or the timeline of the breach. This incident highlights the risks associated with third-party vendors and the importance of robust security measures to prevent such breaches. The reimbursement of user losses by Polymarket may help to mitigate the damage, but the incident still matters to practitioners as it underscores the need for vigilant monitoring of third-party vendors and robust incident response planning.