Polymarket users suffered from a front-end malicious script attack, with approximately 3.1 million dollars in funds stolen

Blockchain intelligence company AMLBot's monitoring data shows that recently Polymarket users on the Polygon network had approximately $3.1 million PUSD stolen due to a front-end malicious script intrusion.

The attackers implanted a malicious script that induced users to sign authorization transactions (involving EIP-7702 delegated execution), resulting in the users' wallets being emptied. The stolen funds were then converted to USDC.e through Relay, bridged to Ethereum, and ultimately exchanged for ETH, which was concentrated in a designated address. Currently, about 1891.9 ETH is distributed across three new wallets.

AMLBot pointed out that this attack is similar to the incident involving the 2024 1inch web application, where a wallet theft script was implanted in the Lottie Player library, both cases involved third-party scripts being compromised, leading to front-end contamination.