{"rewrite":{"id":"r_dee463eb4b01a8fe04172d19","clusterId":"c_cd0e961807750c8397c5f994","slug":"polymarket-customers-lose-3-million-in-supply-chain-attack","model":"deepseek-v4-flash","headline":"Polymarket Customers Lose $3 Million in Supply-Chain Attack","summary":"Polymarket announced that malicious JavaScript was inserted into its website via a compromised third-party vendor, resulting in approximately $3 million in customer losses. The prediction market service says it will fully compensate affected users. Blockchain analytics firm PeckShield identified the incident as a phishing attack. Fewer than 15 accounts were affected, and Polymarket's own servers were not compromised.","whyItMatters":"The attack exploited a third-party dependency rather than Polymarket's own infrastructure, a supply-chain vector that leaves even secure platforms vulnerable.","webCardHtml":"\u003cp\u003ePolymarket disclosed on Monday that malicious JavaScript was injected into its frontend after a third-party vendor was compromised. The script targeted some users, and blockchain analytics firm PeckShield tracked approximately $3 million in stolen Polymarket USD tokens that were then exchanged for Ethereum. Data analytics firm Bubblemaps reported that fewer than 15 accounts were affected. Polymarket said it removed the affected dependencies, resolved the bug, and will fully compensate customers. The company stressed that its own servers and backend infrastructure were not breached.\u003c/p\u003e","blueskyPost":"Polymarket says a compromised third-party vendor led to malicious JS on its site. PeckShield tracked ~$3M stolen. Fewer than 15 accounts hit. Polymarket will fully compensate.","twitterPost":"Polymarket says a compromised third-party vendor injected malicious JS into its site. PeckShield tracked ~$3M stolen. Fewer than 15 accounts affected. Polymarket will fully compensate.","threadsPost":null,"newsletterBlurb":"Polymarket disclosed a supply-chain attack in which malicious JavaScript was inserted via a compromised third-party vendor. Blockchain analytics firm PeckShield tracked approximately $3 million in stolen tokens. Fewer than 15 accounts were affected, and Polymarket says it will fully compensate customers.","attributionJson":"[{\"source\":\"GIGAZINE\",\"url\":\"https://gigazine.net/news/20260629-polymarket-3-million-attack/\",\"title\":\"Polymarket customers lose $3 million in supply-chain attack\"}]","lintFlagsJson":null,"lintHits":0,"costUsd":0,"inputTokens":3696,"outputTokens":480,"status":"published","repairAttempts":0,"nextRepairAt":null,"factsAttemptedAt":1782703732,"createdAt":"2026-06-29T03:20:49.000Z","publishedAt":"2026-06-29T03:24:50.000Z","updatedAt":"2026-06-29T03:24:50.000Z"},"cluster":{"id":"c_cd0e961807750c8397c5f994","canonicalTitle":"Polymarketの顧客がサプライチェーン攻撃で300万ドルの損失を被る","representativeArticleId":"a_6d45bcc546968942ccb4321e","sourceCount":1,"writtenSourceCount":1,"writeAttempts":0,"isSolo":false,"entitiesJson":"{\"anime_titles\":[],\"manga_titles\":[],\"work_titles\":[],\"studios\":[],\"people\":[],\"type\":\"news\",\"domain\":\"other\",\"is_roundup\":false}","contentType":"news","status":"published","firstSeenAt":"2026-06-29T02:45:00.000Z","lastSeenAt":"2026-06-29T06:40:00.000Z","updatedAt":"2026-06-29T06:43:09.000Z"},"attribution":[{"source":"GIGAZINE","url":"https://gigazine.net/news/20260629-polymarket-revenue/","title":"Polymarketの年間換算収益が10億ドルを突破、取引量急増の一方でCFTC調査も"}],"entities":{"anime_titles":[],"manga_titles":[],"work_titles":[],"studios":[],"people":[],"type":"news","domain":"other","is_roundup":false},"keyFacts":["Polymarket disclosed on Monday that malicious JavaScript was injected into its frontend after a third-party vendor was compromised.","Blockchain analytics firm PeckShield tracked approximately $3 million in stolen Polymarket USD tokens that were then exchanged for Ethereum.","Data analytics firm Bubblemaps reported that fewer than 15 accounts were affected.","Polymarket said it removed the affected dependencies, resolved the bug, and will fully compensate customers.","The company stressed that its own servers and backend infrastructure were not breached."]}
