Prediction market Polymarket blamed an unidentified third-party login provider for recent account breaches reported by multiple users.
The platform confirmed the security incident on its Discord channel after users reported missing funds and suspicious login attempts.
Social media posts on Reddit and X show that several users received unexpected login warnings and then discovered their balances had been wiped. One user said their account dropped to just one cent despite their devices not being compromised and no other services affected.
Another user on X said they lost about $2,000, despite having two-factor authentication enabled. A third user said their “top 1000” Polymarket account was drained, while a fourth said a test account was drained.
While Polymarket did not name the provider in question, several users pointed to Magic Labs, which allows email-based logins and automatically creates wallets for users. The tool is popular and allows newcomers who don’t have crypto wallets to easily access one, making it a common gateway to Polymarket and other platforms.
The company acknowledged the problem, but did not say how many users were affected or how much money was stolen.
“We recently identified and resolved a security issue affecting a small number of users. The issue was caused by a vulnerability introduced by a third-party authentication provider,” a company spokesperson said on Discord. “Polymarket takes security extremely seriously and the issue has been resolved. There is no ongoing risk at this time and we will be in contact with affected users.”
Polymarket and Magic Labs did not immediately respond to emails seeking comment.
