Polymarket confirmed a security incident and pointed to a vulnerability related to a third-party login provider as the cause of recent account hacks. Users reported unexpected login notifications, after which their balances were wiped. In private messages and on social media, people shared various examples, from accounts left with just one cent to losses of several thousand dollars.
What Happened with Polymarket?
The platform confirmed the incident on its Discord channel after mass user complaints about missing funds and suspicious login attempts. Posts on Reddit and X showed unexpected login alerts after which some accounts were nearly emptied, including cases where balances dropped to one cent.
Individual users reported significant losses: one person mentioned losing about $2,000 despite having two-factor authentication enabled; another said a large account ranked in the top 1000 was "emptied." Polymarket did not disclose the exact number of affected users or the total amount lost.
Cause of the Fund Leak
In an official statement, the company indicated the cause was a vulnerability introduced by a third party—the authentication provider. Polymarket did not name this provider in the statement, but users in discussions pointed to Magic Labs as the likely source of the problem.
Users note that Magic Labs offers email login and automatically creates wallets for new users, making the service a convenient entry point for platforms like Polymarket, but at the same time potentially increasing risk if the provider has vulnerabilities.
Polymarket's Response
The company stated: "We recently identified and resolved a security issue affecting a small number of users. The problem was caused by a vulnerability introduced by a third-party authentication provider." Polymarket emphasized that security is a priority and that the incident has been fixed.
The message also noted there is currently no ongoing threat and that the platform will contact affected users to assist them in addressing the incident's consequences.
Why This Matters
Even if you mine and keep most of your funds off exchanges, vulnerabilities in the login methods a platform relies on can affect access to linked accounts and tokens. This is especially relevant if you use convenient email login methods or third-party providers that automatically create wallets.
The Polymarket case shows that two-factor authentication does not always fully protect against losses if the issue lies with the login provider. For any miner with multiple devices, this is a signal to check which services you use to access platforms and what permissions those services have.
What to Do?
Check which third-party services are linked to your accounts and disable unused login methods where possible. Regularly monitor login notifications and balances to detect unusual activity as early as possible.
If you notice missing funds or suspicious activity, contact the platform's support and document all details (notification times, screenshots, transaction addresses). It’s also advisable to move assets to a wallet where you control the private keys and familiarize yourself with possible attack vectors, such as address poisoning.
If you want to follow the platform’s operation and recovery after outages or incidents, it’s helpful to review previous posts about Polymarket’s performance, such as how Polymarket resumed operations after a network failure. This will help build a complete picture of risks and how the platform responds to problems.