:

POLYMARKET HIT BY $3M SUPPLY-CHAIN ATTACK

AI DESK1 MIN READ
FRI, JUN 26, 2026

■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE

Polymarket customers lost an estimated $3 million after hackers injected malicious code into the platform's frontend through a compromised third-party vendor. The company plans to fully reimburse affected users.

The attack exploited a breach at a third-party vendor integrated with Polymarket's infrastructure, allowing attackers to inject malicious scripts directly into the platform's user interface. Customers unknowingly executed the code while accessing Polymarket, resulting in unauthorized fund transfers. Polymarket disclosed the incident and committed to covering the full $3 million loss for impacted users. The platform has since patched the vulnerability and is conducting a security review of its vendor dependencies. Supply-chain attacks represent a growing threat to crypto platforms and financial services. By targeting trusted third parties rather than companies directly, attackers can bypass security measures and gain access to large user bases. This incident underscores the risks of integrating external code and services without rigorous security vetting.

■ SOURCES

Bleeping Computer

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

A vulnerability called HollowByte enables unauthenticated attackers to trigger denial-of-service conditions on OpenSSL servers using a malicious payload of just 11 bytes. The flaw causes severe memory bloat on affected systems.

1H AGOIndustry Desk

Federal authorities arrested 21-year-old Zyaire Wilkins, accused of publishing fake video games on Steam containing malware designed to steal cryptocurrency from thousands of users.

1H AGOAI Desk

Federal authorities arrested a 21-year-old Florida man suspected of stealing over $220,000 in cryptocurrency through malware-infected Steam games. The scheme infected approximately 8,000 devices and compromised 80 crypto wallets between May 2024 and February 2026.

4H AGOSecurity Desk

Hackers are exploiting legitimate hotel reservations from over 350 properties worldwide to launch convincing spear-phishing campaigns. The targeted attacks use genuine booking details to bypass user skepticism.

4H AGOSecurity Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.