Decentralized prediction platform Polymarket recently confirmed a sophisticated security breach that allowed unauthorized actors to drain approximately $2.9 million from user accounts. The platform's investigation identified a malicious script injected directly into its frontend interface, which bypassed standard verification protocols.
Swift Containment Efforts
The engineering team at Polymarket acted quickly to isolate the compromised dependency once the anomaly was detected. By removing the malicious code, developers halted the ongoing drain and kept the vulnerability localized to the frontend integration.
Commitment to User Reimbursement
In a move to maintain community trust, the company has pledged a full refund for all users affected by the incident. The protocol remains operational, and the team is currently conducting a comprehensive audit of all third-party integrations to prevent future supply chain attacks.