Polymarket Links Account Breaches to Third-Party Authentication Provider
Polymarket has acknowledged unauthorized access to user accounts, attributing the incident to a vulnerability introduced by a third-party authentication provider. The issue was first brought to light through user reports of missing funds and suspicious login attempts, with some accounts experiencing balances wiped to one cent, losses around $2,000, a top 1000 account drained, and a testing account compromised.
While Polymarket has not disclosed the number of affected users or the total amount of stolen funds, some users speculate that the third-party provider involved is Magic Labs, an email-based login and wallet-creation tool. However, Polymarket has not confirmed the provider's identity.
The company announced that remediation measures have been completed and no ongoing risk remains. Impacted users will be contacted directly.
This incident underscores the risks associated with relying on third-party login tools on cryptocurrency platforms.
