Polymarket confirms user accounts breached via third-party authentication vulnerability

Polymarket has recently confirmed that several of its users were affected by a security breach, which it says was due to a vulnerability in a third-party authentication service.

The Polymarket team has officially acknowledged the incident that several users had been reporting over the past week, prompting renewed concerns about account safety.

Polymarket users report suspicious login attempts

Initial reports of suspicious activity began surfacing earlier in the week, where multiple Polymarket users were seen detailing accounts of their losses across platforms like X and Reddit.

According to one user going by the username Sandwich_1337, their account was drained without any major red flags from their end.

“Today I woke up and see 3 attempts to login to polymarket. My device isn’t compromised, google found nothing suspicious, all other services are fine,” the user wrote.

In the comments, another Reddit user reported a similar experience where they received several login attempt notifications, after which their account balance was emptied.

“I am not a crypto bro clicking on airdrop links or connecting my wallet to random sites. I haven’t even logged into Polymarket for two months […] My email security is locked down. I have 2FA on my email account that requires a physical confirmation on my phone to authorize a new login. It is borderline impossible to access my email without my physical device, which was in my pocket all day,” the user wrote.

Meanwhile, some users on social media speculate that the breach may be affecting a subset of users who had signed up for the platform through Magic Labs, a service that allows email-based access and automatically generates non-custodial Ethereum wallets.

While Polymarket acknowledged the issue on its official Discord channel, it said the incident was linked to a “third-party authentication provider.”

However, it did not provide any additional information other than the fact that the incident only affected a “small number of users.”

Further, it did not disclose the extent of the financial damage caused by the incident and noted that the issue had since been resolved, adding that no other risks remain.

“We will be in contact with impacted users,” Polymarket added.

Details regarding the next steps for affected users were not available at the time of writing.

Not the first time

This is not the first time Polymarket users have been targeted in security-related incidents.

Last year, in August, multiple users reported that their USDC balances had been drained shortly after logging in via their Google accounts.

The attackers reportedly exploited a “proxy” function call to siphon funds to a recurring phishing address, targeting those who used the Magic Labs SDK.

Polymarket support confirmed at least five such attacks by late September.

More recently, in November, a major phishing operation unfolded when hackers exploited Polymarket’s comment section to post phishing links that pushed malicious scripts onto user devices once clicked.

Losses, at the time, were estimated to exceed $500,000.

The post Polymarket confirms user accounts breached via third-party authentication vulnerability appeared first on Invezz