Polymarket Reports Account Breaches Linked to Third-Party Login Provider
Polymarket has confirmed that unauthorized account access experienced by some users was due to a vulnerability introduced by a third-party login provider. While Polymarket did not explicitly name the provider, user speculation suggests that the affected service is Magic Labs, an email-based login and wallet-creation tool.
Multiple users have reported missing funds and suspicious login activity on their accounts, with some balances being wiped entirely. Reported losses vary, including accounts dropping to just one cent, approximately $2,000 lost, and even a 'top 1000' Polymarket account being drained.
Polymarket has not disclosed the total number of affected users or the overall amount stolen. The platform highlighted the inherent risks involved with using third-party authentication tools in cryptocurrency environments.
The company addressed the issue on its Discord channel, stating that the vulnerability was introduced by a third-party authentication provider and that the issue has since been remediated, with no ongoing risk to users.
Neither Polymarket nor Magic Labs immediately responded to requests for comment following the reports.
