MUST READ

Third-Party Breach at Polymarket Leads to $2.94M Crypto Theft

 | 

macOS.Gaslight: North Korea-Linked Malware That Tries to Gaslight the Analyst

 | 

Tata Electronics Confirms Data Breach After 630GB Leak Claim Targets Apple and Tesla

 | 

Curl Fixes a 25-Year-Old Bug in Its Largest CVE Release Yet

 | 

Inside Mistic, the New Stealth Backdoor in Ransomware Intrusions

 | 

Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited Months Before Disclosure

 | 

Nathan Austad Pleads Guilty in DraftKings Hacking Scheme, Gets 18 Months

 | 

Europol Disrupts StealC and Amadey Malware Infrastructure in Operation Endgame

 | 

Why Frontier AI makes prioritization the most important part of your CTEM program

 | 

Cisco Unified CM Flaw CVE-2026-20230 Actively Exploited in the Wild

 | 

U.S. CISA adds Ubiquiti UniFi OS and Lantronix EDS5000 plugin flaws to its Known Exploited Vulnerabilities catalog

 | 

FortiBleed: The Broker Who Turned 73,000 Firewalls Into a Product Catalog

 | 

One Railway Radio Outage Stopped Trains Across Germany and Nobody Knew Why

 | 

Samsung KNOX Kernel UAF Exposes Millions of Galaxy Devices

 | 

DifyTap: Four Bugs Put over 1 million AI Apps at Risk

 | 

Xsolis Data Breach Impacts 1.4 Million People

 | 

ShapedPlugin Supply Chain Attack Backdoors Pro Plugin Updates

 | 

Squidbleed: 29-Year-Old Squid Bug Leaks User Credentials

 | 

WhatsApp Malware Campaign Hijacks Trust, Installs Legitimate Admin Tools

 | 

Texas Parks & Wildlife (TPWD) Data Breach impacts 3 Million People

 | 

Third-Party Breach at Polymarket Leads to $2.94M Crypto Theft

Pierluigi Paganini June 26, 2026

Polymarket confirmed hackers stole funds from some users after attackers injected malicious code through a compromised third-party vendor.

Polymarket confirmed that a security breach at a third-party vendor allowed attackers to inject malicious code into its website, leading to the theft of funds from an undisclosed number of users.

The company said it has contained the incident and is contacting affected customers. The firm announced it will fully reimburse user losses, however the technical details of the attack have not yet been disclosed.

The attack first came to light when blockchain security researcher Specter spotted a phishing campaign that drained more than 11 Polymarket wallets holding PUSD.

The experts estimanted losses of $2.94 million and reported the attacker moved the stolen funds from Polygon to Ethereum and converted them into 1,893 ETH.

Earlier this week, Polymarket said it would review its promotional content after an investigation found it had paid creators to post fake videos showing fabricated betting wins.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Polymarket)

Cybercrime Hacking hacking news information security news IT Information Security Pierluigi Paganini Polymarket Security Affairs Security News

you might also like

Pierluigi Paganini June 26, 2026
macOS.Gaslight: North Korea-Linked Malware That Tries to Gaslight the Analyst
Read more
Pierluigi Paganini June 25, 2026
Tata Electronics Confirms Data Breach After 630GB Leak Claim Targets Apple and Tesla
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Third-Party Breach at Polymarket Leads to $2.94M Crypto Theft

Security / June 26, 2026

macOS.Gaslight: North Korea-Linked Malware That Tries to Gaslight the Analyst

Malware / June 26, 2026

Tata Electronics Confirms Data Breach After 630GB Leak Claim Targets Apple and Tesla

Data Breach / June 25, 2026

Curl Fixes a 25-Year-Old Bug in Its Largest CVE Release Yet

Security / June 25, 2026

Inside Mistic, the New Stealth Backdoor in Ransomware Intrusions

Cyber Crime / June 25, 2026