Could you ever imagine losing money just by clicking on a link? This recently happened to various Polymarket (a well-known cryptocurrency trading site) users, when following a major phishing attack, multiple users succumbed to the hackers, losing over $500,000. This is not just a bad day for Polymarket, but should be viewed as a potential warning for all cryptocurrency users.
What Was Done and How Did The Attack Happen?
The hackers posted fake links through the comments section of Polymarket, and easily caused some users sign-in credentials to fictitious log-in pages. Once the users signed into the fictitious log-in pages, the hackers acquired the user's wallet information. The users, having set-up their wallets to default to using Eth for currency deposits, enabled the hackers access to users wallet.
Not the First Time This Happened
Unfortunately, this wasn't the first instance of this. Earlier in 2023, a phishing attack successfully drained more than $1.2 million from consumer wallets on the cryptocurrency exchange, OpenSea. The same scam was continuing to be perpetuated as the phishers preyed on unsuspecting victims; because people tend to just click a random link sent from their friend. All we can do is take a step back, remind ourselves to check websites moving forward, and protect our wallet information moving forward.
Subsequent Actions for Polymarket
There have been some suggestions that Polymarket should be using some smart filters to flag these spam/phishing links and should be looking for an educational component warning their users about how to spot potentially unsafe links. Platforms who deal with money must be willing to take extra measures to rebuild and maintain trust with their user base when it comes to security.
