Polymarket Customers Lose $3 Million in Supply Chain Attack

What happened

Polymarket said it will fully reimburse customers who lost an estimated $3 million after hackers injected malicious JavaScript into the platform’s frontend through a third-party vendor dependency.

The company said the incident was the result of a supply chain attack affecting a dependency on its website.

During the attack, users on the official Polymarket website were tricked into approving fraudulent transactions. The malicious script was injected through a frontend vendor, allowing the attack to occur through a trusted platform interface rather than a fake external site.

Polymarket said its own servers and backend infrastructure were not affected by the incident.

Independent blockchain intelligence firms estimated that roughly $3 million was stolen from a small number of accounts.

Blockchain security firm PeckShield said the incident involved a phishing campaign that stole approximately $3 million worth of ParyonUSD from users. The stolen funds were later bridged from Polygon to Ethereum and swapped into roughly 1,893 Ether.

Visual analytics firm Bubblemaps estimated that fewer than 15 accounts were affected and published information about some affected accounts and wallets holding the stolen funds.

Polymarket has not shared detailed technical information about how the vendor dependency was compromised, how long the malicious script was active, or what controls failed before the fraudulent transaction prompts reached users.

Who is affected

Polymarket customers who approved fraudulent transactions during the attack are directly affected.

The incident appears to have affected a small number of accounts, with blockchain intelligence estimates placing total losses at roughly $3 million.

The broader risk extends to users of cryptocurrency-based platforms where transaction approval happens through browser-based interactions. Even when a platform’s backend is not compromised, malicious frontend code can still manipulate what users see and approve.

Why CISOs should care

This incident shows how frontend supply chain compromise can directly lead to financial loss. The malicious activity happened through the official Polymarket website, which means users were exposed while interacting with a trusted platform.

For CISOs, the key issue is transaction integrity. In crypto, fintech, and high-value web applications, the frontend is not just a user interface. It is part of the transaction approval path. If attackers can inject JavaScript into that path, they can manipulate prompts, redirect approvals, or deceive users into authorizing malicious actions.

The incident also reinforces the risk of third-party dependencies and vendors. Polymarket said its backend infrastructure was not affected, but the compromise of a frontend dependency was still enough to cause millions of dollars in losses.

This is especially relevant for organizations relying on external scripts, analytics tools, tag managers, customer support widgets, wallet connectors, or other frontend components that run in users’ browsers.

3 practical actions

  1. Harden frontend supply chain controls: Polymarket said the attack affected a website dependency through a third-party vendor. CISOs should inventory third-party scripts, enforce Subresource Integrity where possible, restrict script sources, and review vendor access to production frontend code.
  2. Monitor transaction approval behavior: Users were tricked into approving fraudulent transactions on the official website. Security teams should monitor for unusual approval flows, abnormal wallet interactions, sudden spikes in transaction prompts, and mismatches between displayed transaction intent and on-chain activity.
  3. Build reimbursement and incident response playbooks for customer-facing fraud: Polymarket said it will fully reimburse affected customers. Organizations operating financial or crypto platforms should prepare customer notification, reimbursement, wallet tracing, vendor containment, and forensic workflows before a frontend supply chain incident occurs.
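
A minimal audit for the first action above, added here as an example (not Polymarket's code or tooling): it lists every external script on a page, flags third-party sources that lack Subresource Integrity, and checks pinned hashes against the bytes the vendor currently serves. The hosts, script bodies and function names are constructed for illustration.

```javascript
const { createHash } = require("crypto");
const ALGOS = ["sha256", "sha384", "sha512"]; // weakest to strongest

// SRI token for a script body, e.g. "sha384-<base64 digest>".
function sriHash(body, algo = "sha384") {
  return `${algo}-${createHash(algo).update(body).digest("base64")}`;
}

// Like a browser, compare only against tokens of the strongest listed algorithm.
// An attribute with no valid token returns false, so the audit flags it.
function integrityMatches(integrity, body) {
  const tokens = integrity.trim().split(/\s+/)
    .map((t) => ({ t, rank: ALGOS.indexOf(t.split("-")[0]) }))
    .filter((x) => x.rank >= 0);
  const best = Math.max(...tokens.map((x) => x.rank));
  return tokens.some((x) => x.rank === best && x.t === sriHash(body, ALGOS[best]));
}

// One finding per external script: first-party | missing-sri | mismatch | ok.
// `bodies` maps script URL -> content the vendor serves now (constructed below).
function auditScripts(html, pageUrl, bodies) {
  const origin = new URL(pageUrl).origin;
  const findings = [];
  for (const [, attrs] of html.matchAll(/<script\b([^>]*)>/gi)) {
    const attr = (name) =>
      (attrs.match(new RegExp(`(?:^|\\s)${name}\\s*=\\s*["']([^"']*)["']`, "i")) || [])[1];
    const src = attr("src");
    if (!src) continue; // inline scripts are outside SRI's scope
    const url = new URL(src, pageUrl);
    const integrity = attr("integrity");
    let status = "ok";
    if (url.origin === origin) status = "first-party";
    else if (!integrity) status = "missing-sri";
    else if (!integrityMatches(integrity, bodies[url.href] ?? "")) status = "mismatch";
    findings.push({ url: url.href, status });
  }
  return findings;
}

// Constructed sample: hypothetical vendors; vendor-a's file changed after pinning.
const pinned = "console.log('widget v1');";
const served = { "https://cdn.vendor-a.example/widget.js": pinned + "/* changed */",
                 "https://cdn.vendor-b.example/chart.js": "console.log('chart');" };
const page = `<script src="/app.js"></script>
<script src="https://cdn.vendor-a.example/widget.js" integrity="${sriHash(pinned)}" crossorigin="anonymous"></script>
<script src="https://cdn.vendor-b.example/chart.js"></script>`;
const report = auditScripts(page, "https://shop.example/", served);
console.log(report);
```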

John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.