Polymarket customers lose $2.97 million, company blames third-party vendor

Polymarket customers have lost around $2.97 million to an attacker, who then swapped the stolen Polymarket USD (pUSD) for ETH.

Polymarket, a crypto-based prediction markets platform, quickly claimed in an announcement that a third-party vendor had been compromised, allowing an attacker to inject a malicious script into the website frontend. Polymarket has said it will refund affected customers.

Users of the SecondFi Cardano wallet lose $2.4 million in series of hacks

Users of the Cardano wallet SecondFi (formerly Yoroi) have lost a cumulative 16 million ADA (~$2.4 million) across three attacks targeting a vulnerability in the project's wallet generation code.

After the attacks commenced, SecondFi "rescued" another 129 million ADA (~$19.4 million) by moving the assets to a third-party entity. They have announced that an external accounting firm will verify the funds and process user claims.

Taiko bridge exploited

The Taiko bridge, which allows assets to be transferred between the Ethereum mainnet and the Taiko Ethereum layer-2 chain, was exploited for at least $1.7 million before the network was halted, limiting losses. An attacker was able to forge withdrawal requests to appear as though they matched real deposits. Crypto security firm BlockSec said that the attacker may have gained access to a signing key that had been exposed on GitHub.