$3 Million Reportedly Stolen in Polymarket Hack

The decentralized prediction market said hackers targeted some of its users through a compromise of a third-party vendor. The post $3 Million Reportedly Stolen in Polymarket Hack appeared first on SecurityWeek .

According to reports, decentralized prediction market Polymarket suffered a breach where a compromised third-party vendor injected malicious code into its frontend, enabling hackers to drain around $3 million in cryptocurrency from more than 11 user accounts.[1][3][5] Polymarket states it has contained the incident, removed the affected dependency, and is contacting and refunding impacted users in full.[3][5] From a CyberSE.AI perspective, this illustrates a critical AI supply chain risk: even when core infrastructure and smart contracts are uncompromised, insecure or tampered third-party components (authentication, frontend scripts, SDKs) can be used to hijack user interactions and exfiltrate assets. Organizations deploying AI-powered or web-facing agents should implement rigorous supply chain security, including SBOM-driven dependency tracking, vendor security assessment, and continuous monitoring for code injection or dependency compromise, as supported by CyberSE.AI's "AI Supply Chain & SBOM Advisory" service.