TLDR
- Polymarket flagged and fixed a vulnerability from a third-party login provider.
- Only a small number of user accounts were affected by the breach.
- Some users reported three login attempts before funds were drained.
- Polymarket confirmed no ongoing risk and will contact affected users.
Polymarket, a major prediction market platform, has reported that recent user account breaches were caused by a vulnerability in a third-party authentication provider. Several users reported that their accounts were accessed without authorization and funds were drained. The company confirmed the issue affected only a small number of users and said the vulnerability has been remediated. Polymarket assured users that no ongoing risk remains and affected accounts will be contacted directly.
Polymarket Identifies Source of Account Breaches
Polymarket stated in a Discord post that the security issue originated from a third-party login tool.The company said it identified and resolved the vulnerability after receiving reports from users about suspicious activity.
“Polymarket takes security extremely seriously, and the issue has been remediated,” the platform said. It confirmed that no ongoing risk exists and affected users will receive direct communication. The company emphasized that only a small number of accounts were impacted during the incident.
User Reports Detail Fund Losses
Multiple users reported their accounts were drained following unauthorized access attempts.
One Reddit user noted seeing three login attempts before finding their balance reduced to $0.01.
“My device isn’t compromised, Google found nothing suspicious, all other services are fine,” the user said. The report indicates that attacks may have exploited the authentication tool rather than individual devices.
Other users noted the affected wallets were created via Magic Labs, a third-party wallet provider integrated with Polymarket.
An X user reported their Polymarket wallet was drained without receiving phishing emails or other warnings.
Third-Party Provider Under Scrutiny
Magic Labs, the wallet service linked to some affected accounts, is being investigated by users for potential vulnerabilities. Polymarket said the breaches were linked to a vulnerability introduced by the third-party authentication provider.
The company has not confirmed whether the breaches were directly caused by Magic Labs or another service. Polymarket reassured users that all security gaps have been addressed and account access is now secure.
Polymarket has experienced security challenges previously, including breaches in late 2024.
At that time, some users reported account drains after logging in through Google accounts. The repeated incidents emphasize the importance of securing third-party integrations and authentication methods. Polymarket continues to monitor its platform and encourages users to report any suspicious account activity immediately.
Get 3 Free Stock Ebooks
Discover top-performing stocks in AI, Crypto, and Technology with expert analysis.
- Top 10 AI Stocks - Leading AI companies
- Top 10 Crypto Stocks - Blockchain leaders
- Top 10 Tech Stocks - Tech giants
