Polymarket pUSD Drain: Stolen Funds Shift to 3 New ETH Wallets After Vendor Compromise
After the Polymarket pUSD drain linked to a vendor compromise, on-chain monitors say the stolen funds have moved again. The attacker reportedly converted the proceeds via Relay, bridged value from Polygon to Ethereum, and consolidated holdings into ETH.
Polymarket said the incident stemmed from a compromised third-party dependency that injected malicious code into the platform frontend for some users. The firm removed the affected dependency and stated impacted users would be fully refunded. Security analysts describe the route as a frontend and wallet-signing failure in which victims were tricked into signing transactions, not as a confirmed Polymarket smart-contract exploit.
Key update: the Polymarket pUSD drain proceeds appear parked across three newly created ETH wallets totaling about 1,891.9 ETH. The largest wallet holds roughly 1,788.5 ETH, while the two smaller wallets hold about 100 ETH and 3.4 ETH. The consolidation trail previously referenced an Ethereum address identified in the drain path, and the latest movement suggests staging before potential further exchange, mixer, bridge, or wallet-to-wallet hops.
The latest movement does not, by itself, indicate a fresh wave of victims. It mainly reflects post-incident fund handling following the original Polymarket pUSD drain and the remediation steps (dependency removal and user refunds).
Neutral
This is a targeted incident update, not a protocol-wide failure. The Polymarket pUSD drain appears contained in scope: Polymarket blamed a compromised frontend dependency, removed it, and promised full refunds. The attacker-linked ETH (≈1,891.9 ETH across three new wallets) is mainly evidence of post-incident fund management rather than fresh exploitation or new contract breaks.
For traders, the likely effect is limited and mostly concentrated around Polymarket/pUSD-related liquidity and sentiment. In similar past cases where attackers shifted proceeds into multiple fresh wallets after a frontend/signature attack, markets often saw short-term fear (for the affected app/token) followed by stabilization once refunds and containment were confirmed. Broad market impact is typically neutral because no direct systemic contagion to major venues or base-layer assets is implied here. What remains is a monitoring risk: possible future exchange/bridge outflows, which can add volatility locally.