$3 Million Stolen in Polymarket Hack via Vendor Compromise

Polymarket, a decentralized prediction market platform, fell victim to a security incident resulting in the reported theft of $3 million. According to SecurityWeek, the breach occurred when attackers compromised a third-party vendor to target some of the platform's users.

The attack's severity is underscored by the direct financial loss, though no specific CVSS score or active exploitation status beyond this incident was provided in the source. The scope appears limited to affected users, but the exact number of impacted accounts remains undisclosed.

Technical details indicate the compromise was not a direct breach of Polymarket's infrastructure but rather a supply chain attack via a trusted external partner. This allowed hackers to access and siphon funds from user accounts. No indicators of compromise (IOCs) have been publicly shared.

Mitigation steps remain unspecified in the initial report, and it is unclear whether any patches or workarounds have been deployed. Affected users are likely advised to monitor accounts and revoke third-party access, but no official timeline for fix deployment has been provided.

Attribution for the hack has not been established, and the broader threat landscape context is absent from the report. This incident highlights ongoing risks in DeFi ecosystems, where third-party dependencies can create cascading vulnerabilities.