Close Menu
Altcoinvest
    What's Hot

    How to research to get started in Crypto

    July 3, 2026

    Standard Chartered wins MiCA passport as EU approves 57 firms

    July 3, 2026

    US Senator Calls for Ban on Elected Officials Issuing Memecoins

    July 3, 2026
    Facebook X (Twitter) Instagram
    Altcoinvest
    • Bitcoin
    • Altcoins
    • Exchanges
    • Youtube
    • Crypto Wallets
    • Learn Crypto
    • bitcoinBitcoin(BTC)$62,695.002.22%
    • ethereumEthereum(ETH)$1,766.904.09%
    • tetherTether(USDT)$1.000.00%
    • binancecoinBNB(BNB)$572.862.81%
    • usd-coinUSDC(USDC)$1.000.01%
    • rippleXRP(XRP)$1.145.31%
    • solanaSolana(SOL)$82.662.30%
    • tronTRON(TRX)$0.3217171.39%
    • Figure HelocFigure Heloc(FIGR_HELOC)$1.040.57%
    • HyperliquidHyperliquid(HYPE)$70.716.70%
    Altcoinvest
    Home»Bitcoin»Polymarket to refund users after $2.94M frontend phishing attack
    Polymarket to refund users after .94M frontend phishing attack
    Bitcoin

    Polymarket to refund users after $2.94M frontend phishing attack

    June 26, 2026
    Share
    Facebook Twitter LinkedIn Pinterest Email

    Polymarket to refund users after $2.94M frontend phishing attack

    Polymarket has confirmed that attackers compromised a third party vendor and used the access to inject malicious code into the platform’s frontend, leading to a phishing attack that drained an estimated $2.94 million from users.

    Summary

    • Polymarket said a third party vendor compromise enabled a phishing attack that stole about $2.94 million from at least 11 user wallets.
    • The platform removed the malicious dependency, contained the incident and said all affected users will receive full refunds.
    • DefiLlama recorded the attack as the 89th crypto security breach of the second quarter, the highest quarterly total by incident count on its records.

    Polymarket disclosed on X that it has removed the affected dependency, contained the incident, and will fully reimburse affected users. 

    This morning we discovered a 3rd party vendor had been compromised, injecting a malicious script into our frontend for some users. We’ve contained it & removed the affected dependency. We’re contacting impacted users & refunding them in full.

    — Polymarket Traders (@PolymarketTrade) June 25, 2026

    Blockchain analyst Specter estimated that the attack drained funds from at least 11 wallets after the malicious script appeared on the platform’s frontend.

    It appears there may be a phishing attack targeting Polymarket users, with estimated losses of $2.94M so far.

    The attacker has drained funds from 11+ victim wallets holding PUSD, swapped the stolen assets for ETH, and consolidated the proceeds into the following address:… pic.twitter.com/6WfS0JhdDG

    — Specter (@SpecterAnalyst) June 25, 2026

    Frontend compromise targets user wallets

    Specter identified the attack as a phishing campaign rather than a protocol exploit. The analyst said the injected script enabled attackers to steal funds from connected wallets after users interacted with the compromised interface.

    DefiLlama recorded the incident as the 89th reported crypto security breach of the second quarter, making it the highest quarterly total by incident count in the platform’s records.

    DefiLlama also reported $74.9 million in losses across 29 crypto exploits during June. That total exceeded May’s $60.5 million but remained well below April’s $644 million.

    The platform listed the $36 million Humanity Protocol exploit as June’s largest attack. Other major incidents included a $4.7 million exploit involving the Secret Network bridge, two separate $2.1 million exploits affecting Aztec, and a $1.7 million bridge exploit on Taiko.

    DefiLlama reported that private key compromises accounted for 43% of exploit losses over the past 30 days. Fake proof exploits represented 10% of losses, while reverse MEV honeypots accounted for 8%.

    Previous exploit traced to compromised private key

    Polymarket disclosed a separate security incident about a month earlier after attackers exploited a six year old private key used for internal top up operations and stole about $600,000.

    Security researchers, including ZachXBT, PeckShield, and Bubblemaps, initially flagged suspicious activity involving Polymarket’s UMA CTF Adapter contract on Polygon. Bubblemaps reported that attackers withdrew 5,000 POL every 30 seconds before estimating total losses at roughly $600,000.

    Polymarket protocol contributor Shantikiran Chanal later attributed that incident to a compromised wallet used for internal operations rather than a vulnerability in the platform’s contracts or core infrastructure. 

    Josh Stevens, the company’s vice president of engineering, stated at the time that user funds and smart contracts remained secure and that all permissions linked to the compromised key had been revoked.

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

    Related Posts

    US Senator Calls for Ban on Elected Officials Issuing Memecoins

    July 3, 2026

    Bitcoin whales bought $16.7 billion of BTC in two weeks even as ETFs bled a record $4 billion

    July 3, 2026

    Bitcoin Exchange Flows Point To More Volatility: Report

    July 3, 2026

    Hyperliquid HIP-3 and HIP-4 Explained: Perps to Predictions

    July 3, 2026
    Add A Comment
    Leave A Reply Cancel Reply

    Tweets by InfoAltcoinvest

    Top Posts

    US Senator Calls for Ban on Elected Officials Issuing Memecoins

    July 3, 2026

    Bitcoin whales bought $16.7 billion of BTC in two weeks even as ETFs bled a record $4 billion

    July 3, 2026

    Bitcoin Exchange Flows Point To More Volatility: Report

    July 3, 2026

    PEPE sees $20.7M whale withdrawal as price holds KEY support: What’s next?

    March 28, 2026

    Bitcoin Bull Score Hits High Amid Bearish Concerns

    April 27, 2026

    UK’s First Water Credit System Now Flows Through Algorand

    May 20, 2026

    Here’s why XRP price is falling after the $2.40 rally

    January 8, 2026

    Altcoinvest is a leading platform dedicated to providing the latest news and insights on the dynamic world of cryptocurrencies.

    We're social. Connect with us:

    Facebook X (Twitter)
    Top Insights

    How to research to get started in Crypto

    July 3, 2026

    Standard Chartered wins MiCA passport as EU approves 57 firms

    July 3, 2026

    US Senator Calls for Ban on Elected Officials Issuing Memecoins

    July 3, 2026
    Get Informed

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.


    Facebook X (Twitter)
    • Home
    • About us
    • Contact Us
    • Privacy Policy
    • Terms & Conditions
    © 2026 altcoinvest.com

    Type above and press Enter to search. Press Esc to cancel.