73Trust
Verified
🔍 Web Verified
cryptotimes_globalonThreads4d ago
🚨breaking
Hackers stole approximately $3.1 million in Polymarket’s PUSD token by exploiting a compromised third-party vendor and bridging funds from Polygon to Ethereum. Polymarket has promised full refunds to affected users, highlighting the risks of phishing attacks on decentralized platforms. Ongoing monitoring of impacted accounts is underway to prevent further losses.
#CryptoHack #Polymarket #Web3 #BlockchainSecurity #Ethereum #CryptoNews #DeFi 🚨🔒💸
Trust Metrics
82
75
70
45
Accuracy82%
Framing75%
Context70%
Tone45%
Analysis Summary
Polymarket users lost approximately $3.1 million when hackers injected malicious code into the platform after compromising a third-party vendor, then bridged the stolen PUSD tokens across blockchains. Polymarket has committed to full refunds for affected users. The post mislabels this as a phishing attack when it was actually a supply-chain/frontend compromise — a distinction that matters because it means user security practices alone couldn't have prevented the loss.
Claims Analysis (4)
“Hackers stole approximately $3.1 million in Polymarket's PUSD token”
Multiple credible sources (SecurityWeek, BleepingComputer, CoinDesk, TheNextWeb) confirm the $3M-$3.1M theft figure and PUSD token involvement.
“Exploited a compromised third-party vendor and bridging funds from Polygon to Ethereum”
All major sources confirm the third-party vendor compromise was the attack vector. Multiple sources mention the cross-chain bridging mechanism.
“Polymarket has promised full refunds to affected users”
CoinDesk explicitly states 'the platform promised users full refunds.' BleepingComputer confirms 'Polymarket says it will fully reimburse customers.'
“Phishing attacks on decentralized platforms created this risk”
Post frames this as a phishing attack, but sources describe it as a supply-chain attack via third-party vendor compromise and malicious script injection. Those are distinct from phishing — no user credentials were socially engineered. The attack targeted the platform's frontend, not individual users' security practices.
Was this analysis helpful?
Try ClearFeed free →