▣ Breach POLYMARKET-PHISHIN 2026-06-28

Polymarket: Supply-Chain Phishing Attack

Blockchain intelligence firm AMLBot has confirmed the financial toll of last week's supply-chain attack against prediction-market platform Polymarket at approximately $3.1 million in PUSD drained across 11 user wallets. Posted on Saturday, the figure is the first forensically confirmed on-chain dollar amount tied to a single intelligence source; AMLBot's analysis also traces the stolen assets as they were bridged from Polygon to Ethereum and converted into roughly 1,893 ETH. Polymarket has pledged full refunds to affected users but has not publicly named the compromised third-party vendor.

What Happened

The attack began when a compromised third-party vendor injected malicious JavaScript into Polymarket's website. The code operated at the front-end layer, targeting user transactions as they were initiated in the browser. Critically, Polymarket's smart contracts on Polygon were never touched: the integrity of the on-chain collateral system held, and the platform's PUSD token maintained its $1.00 peg throughout the incident, per PolygonScan data for the PUSD contract.

On-chain investigator Specter published the first public alert two days before AMLBot's confirmed tally, identifying more than 11 victim wallets and pinpointing the attacker's primary consolidation address on Ethereum at 0xe65b1C586757c5510B60F998Eebb14C1eF71E1eD. PeckShield independently confirmed that the stolen funds were bridged from Polygon to Ethereum and swapped into roughly 1,893 ETH. Bubblemaps separately counted fewer than 15 affected accounts and estimated around $3 million in losses slated for refund, aligning with Polymarket's own confirmation of fewer than 15 impacted accounts.

What Was Taken

The attacker drained approximately $3.1 million denominated in PUSD, Polymarket's native collateral token. PUSD is a Polygon-based ERC-20 minted 1:1 against USDC.e through the platform's on-chain collateral contracts, deployed in April 2026 per on-chain records. Because PUSD operates exclusively within the Polymarket platform and carries no external exchange listing, the attacker could not cash out directly. The stolen tokens were therefore bridged from Polygon to Ethereum and swapped into roughly 1,893 ETH to exit the ecosystem.

Initial independent estimates pegged the theft lower, at $2.94 million, based on early on-chain wallet tallies. AMLBot's revised count of approximately $3.1 million across 11 wallets adjusts that figure upward and anchors it to confirmed on-chain forensics rather than preliminary observation.

Why It Matters

This incident is a textbook demonstration that securing smart contracts is not the same as securing a platform. Polymarket's on-chain logic was sound and never breached; the loss came entirely through a compromised dependency loaded into the user-facing web application. For any organization relying on third-party scripts, SDKs, or vendor-supplied code in a transaction-signing flow, the attack surface extends far beyond the code an organization writes itself.

The use of a native, non-listed collateral token also offered only limited protection. While PUSD's closed ecosystem forced the attacker into an additional bridging-and-swapping step, it did not prevent exfiltration. That added step does, however, create a forensic trail that investigators like Specter, PeckShield, and AMLBot were able to follow in near real time. Defenders should note both lessons: a closed token economy slows but does not stop a determined attacker, and on-chain transparency remains a powerful incident-response asset.

The Attack Technique

The vector was a software supply-chain compromise. A third-party vendor whose code was integrated into Polymarket's website was breached, allowing the attacker to inject malicious JavaScript into the front end. That script targeted user transactions at the point of interaction, manipulating signing flows in the browser rather than attacking the underlying protocol.

This front-end injection model is increasingly common in Web3 because it bypasses the heavily audited smart-contract layer entirely. Users believe they are interacting with a trusted, contained platform, while the malicious code redirects or alters transactions before they ever reach the chain. Polymarket states it contained the attack, removed the malicious dependency, and moved to refund impacted users. As of publication, the company has not named the compromised vendor across any public channel.

What Organizations Should Do

  1. Inventory and continuously monitor every third-party script, SDK, and dependency loaded into transaction-signing or payment pages, treating each as a live attack surface.
  2. Implement Subresource Integrity (SRI) and a strict Content Security Policy to block unauthorized or altered external scripts from executing in the browser.
  3. Establish real-time front-end integrity monitoring to detect unexpected code changes or DOM manipulation, rather than relying solely on smart-contract audits.
  4. Vet vendors rigorously and contractually require breach notification, segmentation, and least-privilege access for any party whose code touches the user-facing layer.
  5. Maintain an incident-response plan that incorporates on-chain forensics partners and address-tagging services to trace and potentially freeze stolen funds quickly.
  6. Communicate transparently and refund affected users promptly to preserve trust, while disclosing the compromised vendor to help the broader ecosystem defend against the same supply-chain threat.

Source: "AMLBot Puts Polymarket Phishing Toll at $3.1M Across 11 Wallets, Funds Traced to Ethereum", The Defiant.