TL;DR
- Prediction market Polymarket experienced a series of account breaches.
- The platform attributed the breaches to an unidentified third-party login provider.
Polymarket Blames an Unidentified Third-party Login Provider for Recent Breach
Prediction market Polymarket believes that an unidentified third-party login provider was responsible for recent account breaches reported by several users.
Polymarket confirmed the security breaches on its Discord channel after several users reported missing funds and suspicious login attempts.
Several users posted on Reddit and X, revealing that they received unexpected login alerts and then discovered their balances had been wiped. One user claimed that their account was wiped even though their devices had not been compromised and no other services were affected.
Another user on X reported losing roughly $2,000 despite having two-factor authentication on the app. A third user complained that their “top 1000” Polymarket account was drained, while a fourth said a testing account was drained.
Polymarket didn’t name the third-party provider responsible, but several users pointed to Magic Labs, which allows email-based logins and automatically creates wallets for users.
Magic Labs is popular as it allows newcomers who have yet to create crypto wallets to gain easy access to one, making it one of the easiest ways to enter the Polymarket ecosystem.
While Polymarket acknowledged the issue, it didn’t disclose how many users were affected or the amount of money stolen. A Polymarket spokesperson stated:
“We recently identified and resolved a security issue affecting a small number of users. The issue was caused by a vulnerability introduced by a third-party authentication provider. Polymarket takes security extremely seriously, and the issue has been remediated. There is no ongoing risk at this time, and we will be in contact with impacted users.”
Polymarket is the leading on-chain prediction marketplace, processing over $2 billion monthly.
Hassan Maishera