The company said the issue affected a limited number of users, and has since been fully remediated. Polymarket stated it is contacting the impacted users directly and explained that the flaw did not originate from its core infrastructure. Polymarket Confirms Security Breach Polymarket confirmed that a recent wave of user account breaches was caused by a vulnerability linked to a third-party authentication provider, following multiple reports of suspicious activity and drained balances across different social media platforms. Polymarket statement on Discord In a statement that was shared on its Discord channel on Tuesday, Polymarket said it identified and resolved a security issue that affected a “small number of users.” According to the platform, the flaw originated from a third-party login tool rather than Polymarket’s core infrastructure. The company said the issue has been fully remediated, there is no ongoing risk, and impacted users will be contacted directly. The disclosure came after users on Reddit and X reported unauthorized access to their accounts, with some claiming their balances were completely drained. Several users described seeing multiple failed or suspicious login attempts before their positions were closed and funds removed. One Reddit user said they noticed three login attempts overnight, despite their device and Google account showing no signs of compromise, only to later discover their Polymarket balance dropped to just $0.01. (Source: Reddit ) Speculation around the source of the vulnerability quickly spread online, with some users suggesting it may have been tied to Magic Labs, a wallet and authentication service integrated with Polymarket. One X user claimed their Polymarket wallet, which was created through Magic Labs, was drained despite never signing up via email or receiving phishing links. Polymarket did not publicly confirm which authentication provider was responsible. This is not the first time Polymarket users faced account security concerns. In late 2024, some users reported losing funds after logging into the platform through Google account authentication, which raised earlier questions about the risks associated with third-party login integrations. While Polymarket explained that the vulnerability has been fixed and that user funds are now safe, the incident renewed scrutiny of authentication methods used by crypto and prediction market platforms.
