VERDICT —OUT OF SCOPE
Root cause is phishing — victims signed malicious transactions or approvals off-protocol. Contract logic was not the failure surface; user-side wallet hygiene was. Pre-deployment audit cannot catch this class.
▰ METHOD
PHISHING
PHISHING
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
According to a post by crypto trader @25usdc, hackers are exploiting the comment section of Polymarket to carry out scam activities, resulting in losses exceeding $500,000. The attackers post links to their phishing websites in an obfuscated, non-plain-text format. When users log in to these sites via email, malicious scripts are injected, leading to data breaches and the loss of funds. Attack method (per SlowMist): Phishing attack. Reported loss: $ 500,000.
Primary source
https://x.com/25usdc/status/1987948736228511992?s=20 ↗Sourced from
slowmist
Technical record
- chain
- —
- protocol
- Polymarket
- bug_class
- phishing
- date_occurred
- 2025-11-11
- loss_usd
- $500,000
- source_id
- sm:polymarket::2025-11-11
Related — same bug class· phishing