{"id":92581,"date":"2025-12-24T13:32:26","date_gmt":"2025-12-24T10:32:26","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=92581"},"modified":"2025-12-24T13:35:11","modified_gmt":"2025-12-24T10:35:11","slug":"polymarket-confirms-user-account-breach","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/polymarket-confirms-user-account-breach\/","title":{"rendered":"Polymarket Confirms User Account Breach"},"content":{"rendered":"<p>The prediction platform Polymarket <a href=\"https:\/\/discord.com\/channels\/710897173927297116\/775506448041115669\/1453090675439570975\">has confirmed<\/a> that several users have been affected by a breach linked to a vulnerability at a third-party provider.<\/p>\n<p>This week, social media saw a surge of reports from users complaining about unauthorized login attempts and zeroed balances.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>&#8220;I woke up today to find three attempts to log into my <\/em><a href=\"https:\/\/forklog.com\/en\/news\/what-is-polymarket\"><em>Polymarket<\/em><\/a><em> profile. My device is uncompromised, Google found nothing suspicious, and all other services are fine. I logged into the platform and saw all my trades closed, with a balance of $0.01,&#8221; wrote one of the platform&#8217;s clients on Reddit.<\/em><\/p>\n<\/blockquote>\n<p>Another affected user reported receiving a series of login attempt notifications, followed by the disappearance of funds. The user emphasized not clicking on any suspicious links and using two-factor authentication.<\/p>\n<p>Comments suggest the issue affected Polymarket clients using the Magic Labs service, which allows email logins and creates non-custodial Ethereum wallets. This method is most popular among novice crypto investors.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>&#8220;We recently discovered and resolved a security issue affecting a small number of users. The issue was caused by a vulnerability introduced by a third-party authentication provider,&#8221; Polymarket stated.<\/em><\/p>\n<\/blockquote>\n<p>The platform did not disclose the exact number of affected users, the amount of damage, or the name of the provider that was the source of the problem.<\/p>\n<p>This is not the first such incident at Polymarket. In September 2024, several users logging in via Google fell victim to complete wallet depletion.<\/p>\n<p>Perpetrators used proxy function manipulations to automatically withdraw <a href=\"https:\/\/forklog.com\/en\/news\/what-is-the-usdc-stablecoin\">USDC<\/a> to their addresses. The platform&#8217;s investigation revealed that the vulnerability was also linked to third-party authentication providers.<\/p>\n<p>In November 2025, scammers <a href=\"https:\/\/x.com\/25usdc\/status\/1987948736228511992\">launched<\/a> a large-scale phishing campaign in Polymarket&#8217;s comment section. The scammers spread phishing links disguised as official resources, extracting credentials from victims. The damage from this scheme exceeded $500,000.<\/p>\n<p>Earlier, Polymarket <a href=\"https:\/\/forklog.com\/en\/news\/polymarket-resumes-operations-in-the-us\">resumed<\/a> operations in the US after resolving a conflict with the local regulator.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The prediction platform Polymarket has confirmed that several users have been affected by a breach linked to a vulnerability at a third-party provider.<\/p>\n","protected":false},"author":1,"featured_media":92582,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"Polymarket confirms user breach due to third-party vulnerability.","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1154,1148],"class_list":["post-92581","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-crimes","tag-polymarket"],"aioseo_notices":[],"amp_enabled":true,"views":"304","promo_type":"1","layout_type":"1","short_excerpt":"Polymarket confirms user breach due to third-party vulnerability.","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/92581","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=92581"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/92581\/revisions"}],"predecessor-version":[{"id":92583,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/92581\/revisions\/92583"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/92582"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=92581"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=92581"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=92581"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}