BleepingComputer • 3h
Polymarket Supply Chain Breach via Third-Party Frontend Injection
Polymarket suffered a supply chain attack in which threat actors breached a third-party vendor to inject a malicious JavaScript payload into the platform's frontend. The script intercepted user wallet interactions, facilitating the unauthorized transfer of cryptocurrency from victim wallets to attacker-controlled addresses. Total financial losses are estimated at between $2.9 million and $3 million. The attack leveraged compromised CDN or API endpoints, and potentially the polymarket-trade/0.1.0 npm package, to distribute the payload. Polymarket has since identified the breach and committed to full reimbursement for all affected users.