Polymarket cites third-party vulnerability in recent user account hack

Decentralized prediction market platform Polymarket confirmed that multiple users were affected by a recent security breach involving a third-party authentication provider.Reports of account hacks began surfacing earlier this week on X and Reddit, as affected users took to social media to detail their losses."Today I woke up and see 3 attempts to login to polymarket — My device isn’t compromised, google found nothing suspicious, all other services are fine," one user wrote on Reddit. "So I went to Polymarket and realized that all my deals were closed and balance is $0.01."Another user in the comment section claimed to have experienced a similar security breach, receiving three attempted login notifications before funds were drained from their Polymarket account, despite not clicking any links and having two-factor authentication enabled on their email.According to user reports on social media, the issue appears to have affected users who signed up for Polymarket through Magic Labs, which lets users sign in via email addresses and creates non-custodial Ethereum wallets. Magic Labs sign-up is widely used by first-time crypto users who do not already have digital asset wallets.No ongoing risksOn Tuesday, Polymarket acknowledged the security issue on its official Discord channel."We recently identified and resolved a security issue affecting a small number of users," Polymarket wrote. "The issue was caused by a vulnerability introduced by a third-party authentication provider."Polymarket did not, however, reveal the number of affected users or the value stolen as a result. It also did not name the third-party provider at the core of the issue. The platform stated it has resolved the issue and that no lingering risks remain."We will be in contact with impacted users," Polymarket added. The Block has reached out to Polymarket for further information on the situation.Recurring issueThe latest breach echoes earlier security incident reported on the platform.In September 2024, several users who logged in via Google accounts reported wallet drains, where attackers used "proxy" function calls to move users' USDC funds to phishing addresses. Polymarket at the time investigated the incidents as potentially targeted exploits linked to a third-party authentication provider. Separately, a phishing campaign exploiting the platform's comment sections last month resulted in more than $500,000 in user losses. Scammers posted disguised links to fraudulent sites, prompting email logins.Disclaimer: The Block is an independent media outlet that delivers news, research, and data. As of November 2023, Foresight Ventures is a majority investor of The Block. Foresight Ventures invests in other companies in the crypto space. Crypto exchange Bitget is an anchor LP for Foresight Ventures. The Block continues to operate independently to deliver objective, impactful, and timely information about the crypto industry. Here are our current financial disclosures.© 2025 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.