Some Polymarket users reported that their accounts had been breached and drained, which the prediction market blamed on a third-party provider.
Prediction markets platform Polymarket has pinned a series of reported user account breaches on a third-party login tool.
In a to the company’s Discord on Tuesday, Polymarket said that it had flagged and resolved a security issue that impacted “a small number of users,” after some had reported suspicious activity on their accounts.
“The issue was caused by a vulnerability introduced by a third-party authentication provider,” Polymarket said. “Polymarket takes security extremely seriously, and the issue has been remediated.”
It added that there was no ongoing risk and that it would contact affected users.
Polymarket’s confirmation followed a host of user reports across social media platforms Reddit and X, with some stating that they had all their from their accounts.
Some users reported seeing three login attempts by attackers before their funds were ultimately drained.
“Today I woke up and see 3 attempts to login to Polymarket. My device isn’t compromised, Google found nothing suspicious, all other services are fine.” one Reddit user. “So I went to Polymarket and realised that all my deals were closed and balance is 0.01$.”
Other users have claimed that the security issue may have stemmed from Magic Labs, a popular wallet service integrated with Polymarket.
Related:
“My Polymarket wallet also got drained yesterday,” one X user. “Wallet was [Magic Labs] created. I never actually signed up for email with them so never got phishing links.”
This is not the first time users of the faced security issues, with some Polymarket users after logging into the platform via their Google accounts.
Magazine:
