The prediction market Polymarket has attributed recent account breaches experienced by several users to an unnamed third-party login provider.
The platform confirmed the security issue on its Discord channel after reports of missing funds and suspicious login attempts surfaced from users.
Social media discussions on Reddit and X reveal that multiple users received unexpected login notifications, leading them to find their account balances depleted. One individual reported their account reduced to just one cent, despite not having compromised devices or affected other services.
Another user on X claimed to have lost around $2,000, even with two-factor authentication enabled. A third user mentioned their “top 1000” Polymarket account being drained, while a fourth stated their testing account was also compromised.
Although Polymarket did not specify the identity of the provider, numerous users suggested Magic Labs, a service that facilitates email-based logins and automatically generates wallets for users. This tool is widely used, enabling newcomers without crypto wallets to easily access them, making it a common entry point to Polymarket and similar platforms.
The company acknowledged the occurrence but did not reveal the number of affected users or the total amount stolen.
“We recently identified and addressed a security issue impacting a small number of users. This issue arose from a vulnerability within a third-party authentication provider,” a spokesperson for the company stated on Discord. “Polymarket prioritizes security and has resolved the issue. There is no ongoing risk, and we will reach out to the impacted users.”
Polymarket and Magic Labs did not promptly respond to inquiries for comments.
