Polymarket Suffers $3M+ Crypto Drain via Third-Party Vendor Compromise
Prediction market platform Polymarket disclosed a breach in which hackers compromised a third-party vendor, injected malicious code into the website for some users, and drained approximately $3 million (updated reports put the figure around $3.1M) in pUSD (USDC-backed) from at least 11 user wallets. The funds were subsequently swapped and moved to Ethereum. The platform has contained the incident, promised full refunds to affected users, and is notifying victims. The incident was disclosed on June 28, 2026.
Signal context
First seen: Jun 28, 2026
Last updated: Jun 29, 2026
Status: Public signal
Key points
- Over $3 million in pUSD (USDC-backed) stolen.
- Affected at least 11 user wallets.
- Resulted from a compromised third-party vendor and malicious code injection.
Signal analysis
Beta: This analysis groups the signal by industry, likely incident action and impacted security area. It helps compare this signal with other published signals without treating the labels as final determinations.
Sector: Information
Likely country: Location not provided
The feed marks multiple actor roles. Treat this as a review signal rather than a final attribution.
- Source type: outside the affected organization
- Source type: supplier or third-party involvement
Impact area: Confidentiality
- 33 signals in the same sector
- 95 signals with the same likely impact area
- 1 signal linked to this organization/domain
External sources
- Security Check-in Quick Hits: Russian Messaging Phishing, Polymarket Crypto Drain, and Tata Supplier Breach Spotlight Persistent Supply Chain and Social Engineering Risks - Rod's Blog. https://rodsblog.com/2026/06/28/security-check-in-quick-hits-russian-messaging-phishing-polymarket-crypto-drain-and-tata-supplier-breach-spotlight-persistent-supply-chain-and-social-engineering-risks/ (Public source from rodsblog.com.)
- Cybercrime Wire For Jun. 27-28, 2026. Weekend Update. WCYB Digital Radio. - YouTube. https://www.youtube.com/watch?v=dQw4w9WgXcQ (Public source from youtube.com.)
Related signals
Grouped by why the signal is relevant.
STNet Email Accounts Impacted by KDDI Data Breach
STNet, an internet service provider, was impacted by a data breach disclosed by KDDI Corporation on June 28, 2026. The breach, stemming from a vulnerability in third-party software used by KDDI's email system, exposed up to 14.2 million email accounts across several Japanese ISPs, including STNet. Email addresses and passwords of STNet customers may have been compromised.
JCOM Email Accounts Impacted by KDDI Data Breach
JCOM, an internet service provider, was impacted by a data breach disclosed by KDDI Corporation on June 28, 2026. The breach, stemming from a vulnerability in third-party software used by KDDI's email system, exposed up to 14.2 million email accounts across several Japanese ISPs, including JCOM. Email addresses and passwords of its customers may have been compromised.
KDDI Corporation Email System Data Breach
Japanese telecommunications operator KDDI Corporation disclosed a data breach affecting an email system it provides to multiple internet service providers. Threat actors exploited a vulnerability in unnamed third-party software, potentially exposing up to 14.22 million email addresses and passwords of current, former, and inactive customers. The compromise was discovered on June 17, 2026, and technical defensive measures were immediately implemented. KDDI has reported the incident to Japanese privacy and telecommunications regulators.
LastPass Customer Data Compromised via Third-Party Vendor Klue
LastPass confirmed a new data loss incident in which customer data was accessed through a compromise of Klue, a third-party market intelligence platform used by LastPass's marketing and sales teams. Attackers gained access to OAuth tokens belonging to Klue clients, which were then used to access LastPass-related data in Salesforce. Exposed data includes names, phone numbers, email addresses, postal addresses, customer relationship information, commercial data, and support records. LastPass assures that user password vaults were not affected.
KDDI Web Communications Email Accounts Impacted by KDDI Data Breach
KDDI Web Communications, an internet service provider, was impacted by a data breach disclosed by KDDI Corporation on June 28, 2026. The breach, stemming from a vulnerability in third-party software used by KDDI's email system, exposed up to 14.2 million email accounts across several Japanese ISPs, including KDDI Web Communications. Email addresses and passwords of its customers may have been compromised.
Chubu Telecommunications Email Accounts Impacted by KDDI Data Breach
Chubu Telecommunications, an internet service provider, was impacted by a data breach disclosed by KDDI Corporation on June 28, 2026. The breach, stemming from a vulnerability in third-party software used by KDDI's email system, exposed up to 14.2 million email accounts across several Japanese ISPs, including Chubu Telecommunications. Email addresses and passwords of its customers may have been compromised.
