TechFlow, Nov. 11 — According to Polymarket trader 25usdc, phishing scam content has appeared in the Polymarket comment section, resulting in over $500,000 in user losses.
The scammers purchased both "yes" and "no" shares in a market through two separate accounts, ensuring their comment remains visible under the "holders" filter, then posted disguised website links. The phishing site mimics the official Polymarket interface, prompting users to log in via email and complete email verification, followed by a fake Cloudflare verification window.
When users click the "copy" button, they actually copy a malicious terminal command. This command downloads and executes a script from a remote server, collects system data from the user's device, sends it back to the scammer's server, and ultimately enables theft of user account funds.




