Polymarket frontend script-injection integrity disruption
Service Disruption
Summary
Hide ▲
Show ▼
Polymarket’s frontend integrity was disrupted when malicious JavaScript reached the live site through a third-party vendor, triggering fraudulent transactions and about $3 million in losses across fewer than 15 accounts. The platform said its own servers and backend infrastructure were not impacted. Polymarket also said it would fully reimburse affected customers. Independent blockchain analysis later traced the stolen funds across Polygon and Ethereum.
Timeline
-
26.06.2026 21:04 2 articles · 2h ago
Polymarket customers lose about $3 million after frontend script injection
Initial DisclosurePolymarket said a supply-chain attack through a third-party frontend vendor let malicious JavaScript reach the official Polymarket website and trick users into approving fraudulent transactions. The company said its own servers and backend infrastructure were not impacted, estimated losses at about $3 million across less than 15 accounts, and pledged to fully reimburse affected customers.
Show sources
- Polymarket customers lose $3 million in supply-chain attack — www.bleepingcomputer.com — 26.06.2026 21:04
- Polymarket customers lose $3 million in supply-chain attack — www.bleepingcomputer.com — 26.06.2026 21:04