今日已更新 412 条资讯 | 累计 19972 条内容
关于我们

Polymarket Hack: How Third-Party Vendors Risk Your Crypto

Newzlet 2026年06月28日 08:40 2 次阅读 来源:Dev.to

What We Know: The Basics of the Breach Polymarket, one of the largest prediction market platforms in the crypto space, confirmed on X that hackers stole funds from users after attackers compromised a third-party vendor. The breach allowed the attackers to inject malicious code directly into Polymarket's website, though the company specified the code ran "for some users" — a detail that raises immediate questions about whether the attack was deliberately targeted or only partially executed before detection. Polymarket spokesperson Connor Brandi confirmed to TechCrunch that the vendor compromise resulted in direct theft of user funds. Beyond that confirmation, the company declined to answer specific questions about the incident, leaving the scale of the financial damage, the identity of the compromised vendor, and the exact mechanism of the malicious code injection all officially unaddressed. The platform says it has contained the breach and is reaching out directly to affected users, committing to full refunds. No figure for total stolen funds has been disclosed. Blockchain monitoring firm PeckShield flagged suspicious activity around the same time Polymarket made its public announcement, adding an independent layer of confirmation that something significant moved on-chain during the incident window. What stands out immediately in the crypto security community is where the failure originated. The Polymarket platform itself was not the direct point of entry — a third-party vendor was. That distinction matters enormously. Users who trusted Polymarket's smart contract security and on-chain transparency had no visibility into the web infrastructure dependencies sitting between them and the prediction market interface. The malicious code injection attack, a technique that exploits trusted website supply chains, bypassed the decentralized architecture that crypto platforms often promote as a security feature. The incident joins a growing list of Web3 platform breaches wher

本文内容来源于互联网,版权归原作者所有
查看原文