Multiple users have reported losses on Polymarket, a major prediction platform, after a recent breach that appears tied to a third-party authentication provider.
Polymarket users describe sudden account breach and drained balances
Reports of account breach on Polymarket began emerging earlier this week on X and Reddit, as affected users shared details of sudden losses. One user wrote that on waking up, they saw 3 login attempts to their account despite insisting their device was not compromised.
That user said Google flagged nothing suspicious and all other services looked normal. However, after visiting the platform, they discovered that all their open positions had been closed and their balance had dropped to just $0.01, suggesting a complete wallet drain.
Another commenter on Reddit described a similar Polymarket account breach, receiving three login notifications before funds vanished from the account. Moreover, they claimed they had not clicked any links and had two-factor authentication enabled on their email, raising fears of a potential two factor authentication bypass at a provider level.
Focus on Magic Labs and email-based wallet access
According to multiple user reports on social media, affected accounts largely belonged to customers who signed up through Magic Labs. The service lets users sign in with email addresses and automatically creates non custodial ethereum wallets for them on the backend.
Magic Labs is widely used by first-time crypto users who lack prior experience with digital asset wallets. However, this convenience-focused email login wallet model may also expand the attack surface if the third-party infrastructure is compromised or misconfigured.
Some community members on X and Discord speculated that the vulnerability was directly tied to a magic labs authentication issue. That said, at this stage those claims remain unverified, as no technical post-mortem has been published and no provider has publicly confirmed a breach.
Polymarket confirms third-party security issue
Polymarket has acknowledged that several user accounts suffered losses due to a security issue linked to an external service. On Tuesday, the team addressed the incident on its official Discord channel, confirming that a third-party authentication provider was at the center of the problem.
“We recently identified and resolved a security issue affecting a small number of users,” the platform wrote in a Discord update. Moreover, Polymarket stated that the issue stemmed from “a vulnerability introduced by a third-party authentication provider,” without providing further technical details.
The company did not disclose how many users were impacted or the total value stolen. However, it emphasized that the vulnerability has been fixed and claimed that no ongoing risk remains for current users. The team added that it “will be in contact with impacted users” to address individual cases and potential restitution.
Despite user speculation, Polymarket has so far declined to identify the specific provider involved in the polymarket breach. The Block has reached out to the team for additional information, but no further public statement had been reported at the time of writing.
Earlier incidents: wallet drains and social phishing
The latest exploit echoes previous security challenges for the prediction platform. In September 2024, several users who logged in via Google accounts reported sudden USDC wallet drains, with attackers using “proxy” function calls to move user funds to phishing addresses.
At that time, Polymarket said it was investigating the attacks as potentially targeted exploits, again linked to a third-party authentication provider rather than the core protocol. That earlier usdc wallet drains report raised questions about how much control external login tools have over on-chain permissions.
Separately, a phishing campaign exploiting the platform’s comment sections last month led to more than $500,000 in reported user losses. Scammers posted disguised links to fraudulent websites that mimicked official pages and prompted users to perform an email login, turning the interface into a phishing comment section scam.
Ongoing scrutiny of third-party authentication in crypto
The sequence of events has intensified scrutiny of third-party authentication solutions across the crypto sector. Convenience tools that bridge traditional email or social logins with blockchain wallets are now seen as potential single points of failure. Moreover, when such providers are compromised, attackers may gain broad access without needing to breach on-chain smart contracts.
For now, Polymarket says the immediate issue has been resolved and that affected users will be contacted directly. However, repeated reliance on external authentication vendors means platforms will likely face growing pressure to provide clearer transparency, more granular permissions, and stronger monitoring around these integrations.
The recent incidents at Polymarket highlight the tension between usability and security in crypto markets.
While third-party login tools can lower barriers for newcomers, they also introduce new attack paths that both platforms and users will need to understand and mitigate more proactively.
Source: https://en.cryptonomist.ch/2025/12/24/polymarket-breach-third-party-auth/
