Polymarket Confirms User Account Breach

Polymarket confirms user breach due to third-party vulnerability.

The prediction platform Polymarket has confirmed that several users have been affected by a breach linked to a vulnerability at a third-party provider.

This week, social media saw a surge of reports from users complaining about unauthorized login attempts and zeroed balances.

“I woke up today to find three attempts to log into my Polymarket profile. My device is uncompromised, Google found nothing suspicious, and all other services are fine. I logged into the platform and saw all my trades closed, with a balance of $0.01,” wrote one of the platform’s clients on Reddit.

Another affected user reported receiving a series of login attempt notifications, followed by the disappearance of funds. The user emphasized not clicking on any suspicious links and using two-factor authentication.

Comments suggest the issue affected Polymarket clients using the Magic Labs service, which allows email logins and creates non-custodial Ethereum wallets. This method is most popular among novice crypto investors.

“We recently discovered and resolved a security issue affecting a small number of users. The issue was caused by a vulnerability introduced by a third-party authentication provider,” Polymarket stated.

The platform did not disclose the exact number of affected users, the amount of damage, or the name of the provider that was the source of the problem.

This is not the first such incident at Polymarket. In September 2024, several users logging in via Google fell victim to complete wallet depletion.

Perpetrators used proxy function manipulations to automatically withdraw USDC to their addresses. The platform’s investigation revealed that the vulnerability was also linked to third-party authentication providers.

In November 2025, scammers launched a large-scale phishing campaign in Polymarket’s comment section. The scammers spread phishing links disguised as official resources, extracting credentials from victims. The damage from this scheme exceeded $500,000.

Earlier, Polymarket resumed operations in the US after resolving a conflict with the local regulator.