Polymarket acknowledges user account hack due to third-party service
The platform stated that the vulnerability has been fixed and there are no longer any risks to users
24.12.2025 - 09:45
408
2 min
0
Key points:
- Polymarket confirmed that the account hack occurred due to a vulnerability at a third-party authentication provider.
- Users reported funds being debited after receiving notifications of login attempts without clicking on the links.
- The company did not disclose the number of victims or the extent of the damage, but stated that the problem had been fixed.
Decentralized prediction platform Polymarket confirmed that recent hacks of user accounts were related to a security issue with a third-party authentication provider. Reports of unauthorized access began to appear en masse earlier this week on X and Reddit.
Affected users reported multiple login attempts, after which their positions were closed, and their balances were virtually wiped out, despite the absence of phishing links and the presence of basic security measures.
What is known about the vulnerability
According to users, the incident mainly affected those who registered with Polymarket through the Magic Labs service. This provider allows users to log in via email and automatically create non-custodial Ethereum wallets, which are particularly popular among new users.
On Tuesday, Polymarket acknowledged the problem on its official Discord channel, stating that the vulnerability originated with a third-party authentication service and had already been fixed.
The company did not disclose the name of the provider, the number of affected accounts, or the amount of funds stolen, but emphasized that no residual risks had been identified and that affected users would be contacted directly.
This is not the first time Polymarket has encountered problems related to third-party authentication. In September 2024, users who logged in via Google accounts reported unauthorized withdrawals when attackers used proxy function calls to transfer USDC to phishing addresses.
Useful material?
Incidents
Developers warned of potential risks to bridges across the ecosystem and asked exchanges for assistance.
Jun 22, 2026
Incidents
The defendant helped move funds stolen through investment scams and earned at least $4 million for his role in the operation.
Jun 10, 2026
Incidents
The company is linking the incident to a compromised private key on a service wallet, rather than a smart contract exploit
May 22, 2026
Incidents
Following the incident, the project temporarily halted trading operations and node activity.
May 15, 2026
Incidents
The user spent weeks unsuccessfully trying to guess the password until Claude helped find an old wallet backup file
May 14, 2026
Crypto regulations
Authorities are introducing mandatory registration for companies handling cross-border crypto transactions
May 8, 2026
Telegram
Twitter