Polymarket, the world’s largest prediction market, disclosed that a compromised third‑party service injected malicious code into its frontend, enabling attackers to steal approximately $2.94 million from fewer than fifteen users. The company affirmed that it will fully reimburse all affected victims.
Malicious Script Targeted PUSD Wallets on Polygon
In a statement posted on X, Polymarket said it discovered that “a 3rd party vendor had been compromised,” allowing a malicious script to be injected into its frontend for some users.
This morning we discovered a 3rd party vendor had been compromised, injecting a malicious script into our frontend for some users. We’ve contained it & removed the affected dependency. We’re contacting impacted users & refunding them in full.
— Polymarket Traders (@PolymarketTrade) June 25, 2026
The incident appears to have been a frontend supply‑chain attack rather than a smart contract exploit, with users tricked into signing malicious transactions through the altered interface.
Polymarket said there is no evidence its core smart contracts or protocol‑held funds were compromised.
Nearly $3 Million Bridged to Ethereum
Blockchain security firm PeckShield cited findings from on‑chain investigator Specter, reporting that the phishing campaign drained roughly $2.94 million worth of PUSD from Polymarket users.
According to PeckShield, the attacker bridged the stolen assets from Polygon to Ethereum before swapping them for roughly 1,893 ETH.
A Rough Week for Polymarket
The incident comes days after a Wall Street Journal report alleged that Polymarket paid online creators to publish misleading promotional videos showing fabricated bets and winnings. The company subsequently announced an audit of its marketing content.
Last month, a company‑controlled wallet used for employee top‑ups and user rewards lost roughly $700,000 after a private key was compromised. Polymarket said user funds were unaffected.
Why This Matters
The incident highlights the growing threat of supply‑chain attacks in crypto, where attackers target third‑party software providers rather than blockchain protocols themselves. Even platforms with secure smart contracts can expose users to losses if their web interfaces are compromised.