Decentralized prediction market platform Polymarket has confirmed that a recent wave of user account hacks stemmed from a vulnerability linked to a third-party authentication provider, following growing concerns shared by users across social media.
Reports of suspicious activity began circulating earlier this week on platforms such as X and Reddit. Several users described waking up to multiple unauthorized login attempts on their Polymarket accounts, followed by the sudden closure of active positions and balances reduced to nearly zero.
One Reddit user recounted receiving three login alerts overnight, despite finding no signs that their device or email had been compromised.
“Google found nothing suspicious, all other services are fine,” the user wrote, adding that their Polymarket account balance had dropped to just $0.01.
Another user reported a similar experience, noting that their funds were drained even though they had not clicked any links and had two-factor authentication enabled on their email account.
Magic Labs Users Appear Disproportionately Affected
Based on user reports shared online, the issue appears to have primarily affected individuals who signed up for Polymarket using Magic Labs. Magic Labs provides email-based authentication and automatically generates non-custodial Ethereum wallets, a feature commonly used by newcomers to crypto who do not yet have standalone wallets.
While Polymarket has not publicly confirmed the specific provider involved, the pattern described by users has fueled speculation that the vulnerability was tied to this third-party login method rather than Polymarket’s core infrastructure.
Polymarket Says Issue Resolved, No Ongoing Risk
On Tuesday, Polymarket addressed the situation in its official Discord channel, acknowledging the breach and confirming that it has since been resolved.
“We recently identified and resolved a security issue affecting a small number of users,” the company stated. “The issue was caused by a vulnerability introduced by a third-party authentication provider.”
The platform did not disclose how many users were affected or the total value of funds lost, nor did it name the authentication service involved. However, Polymarket emphasized that there are no remaining risks and that impacted users will be contacted directly.
Polymarket has not yet responded publicly to follow-up requests for additional details.
A Familiar Challenge for the Platform

The incident is the latest in a series of security-related challenges for Polymarket. In September 2024, several users who logged in through Google accounts reported wallet drains involving “proxy” function calls that redirected USDC funds to phishing addresses. At the time, Polymarket investigated those cases as potentially targeted attacks linked to third-party authentication systems.
More recently, the platform was also targeted by a phishing campaign that exploited its comment sections. Scammers posted links disguised as legitimate content, directing users to fraudulent websites that prompted email-based logins. That campaign reportedly resulted in user losses exceeding $500,000.
Broader Implications for Crypto Platforms
While Polymarket’s core protocol was not identified as the source of the vulnerability, the incident highlights ongoing risks associated with third-party authentication tools in the crypto ecosystem. Email-based wallet creation and social logins can lower the barrier to entry for new users, but they also introduce additional points of failure if external providers are compromised.
For users, the episode serves as a reminder to remain vigilant, review account activity regularly, and understand how authentication methods interact with non-custodial wallets.