Some Polymarket users reported that their accounts had been breached and drained, which the prediction market blamed on a third-party provider.
Prediction markets platform Polymarket has pinned a series of reported user account breaches on a third-party login tool.
In a post to the company’s Discord on Tuesday, Polymarket said that it had flagged and resolved a security issue that impacted “a small number of users,” after some had reported suspicious activity on their accounts.
“The issue was caused by a vulnerability introduced by a third-party authentication provider,” Polymarket said. “Polymarket takes security extremely seriously, and the issue has been remediated.”
It added that there was no ongoing risk and that it would contact affected users.
Polymarket’s confirmation followed a host of user reports across social media platforms Reddit and X, with some stating that they had all their funds drained from their accounts.
Some users reported seeing three login attempts by attackers before their funds were ultimately drained.
“Today I woke up and see 3 attempts to login to Polymarket. My device isn’t compromised, Google found nothing suspicious, all other services are fine.” said one Reddit user. “So I went to Polymarket and realised that all my deals were closed and balance is 0.01$.”
Other users have claimed that the security issue may have stemmed from Magic Labs, a popular wallet service integrated with Polymarket.
Related: Polymarket bets surge on Lighter airdrop as Hyperliquid lists LIT
“My Polymarket wallet also got drained yesterday,” noted one X user. “Wallet was [Magic Labs] created. I never actually signed up for email with them so never got phishing links.”
This is not the first time users of the major prediction market have faced security issues, with some Polymarket users being drained in late 2024 after logging into the platform via their Google accounts.
Magazine: Meet the onchain crypto detectives fighting crime better than the cops
