Polymarket Loses $3M in Frontend Exploit
- DeFi Protocol
- Security

Attackers compromised a third-party vendor and injected malicious code into Polymarket's frontend on June 25. The script drained pUSD holdings on Polygon during normal interactions before the vulnerability was removed. Funds were converted to ETH and sent to attacker wallets. Users were later refunded after the $3 million loss.
Incident Details
- Type
- PROTOCOL EXPLOIT
- Funds Lost
- $3M
- Status
- Funds recovered
Vulnerability removed after incident. Users refunded.