Polymarket Confirms Security Breach Linked to Third-Party Login Service

Polymarket, a decentralized prediction platform valued at over $1 billion, has announced a recent security breach that affected several user accounts.

The incident caused concern across the crypto community after users reported unauthorized access and sudden loss of funds from their accounts.

Users Report Suspicious Account Activity on Polymarket

Early reports of the breach appeared on social media platforms like Reddit and X (formerly Twitter). Users described unusual login alerts and repeated failed attempts to access their accounts.

Soon after the alerts, many affected users noticed that their open trading positions had been closed without their permission. In several cases, users’ account balances dropped to almost zero.

Importantly, users said their personal devices were not hacked. Their phones and computers were safe, their email accounts were secure, and they had not clicked any suspicious links. 

Some users also confirmed that two-factor authentication was active on their email accounts. Yet attackers were still able to exploit their Polymarket accounts.

Email-Based Wallet Logins Linked to Higher Risk

Based on reports from users, the breach mainly affected accounts created through Magic Labs. This service allows users to sign up using only an email address. It also automatically creates a non-custodial Ethereum wallet in the background.

This type of login is popular with new crypto users because it removes the need to manage private keys or connect an external wallet. It makes the onboarding process easier and faster.

However, the incident showed the risks of relying on third-party login tools. Users who signed up using the email-based method appeared to be more exposed. Those who connected external wallets like MetaMask or hardware wallets faced fewer risks.

Polymarket Responds and Resolves the Issue

In response, Polymarket confirmed that a vulnerability introduced by a third-party authentication provider was responsible for the breach.

The prediction platform stated that only a small number of users were affected and that the issue no longer poses a risk. The team said it has fixed the problem and started contacting users whose accounts were impacted.

However, the platform did not share the exact number of affected accounts or the total amount of funds lost. It also did not name the third-party authentication service involved.

While Polymarket has assured users that the platform is now secure, the incident has sparked fresh discussions about security risks in decentralized systems. This security breach is part of a larger trend, as attacks on crypto platforms are becoming more frequent.