Prediction Market Polymarket has blamed an unidentified third-party login provider for recent account breaches reported by several users.
The platform confirmed the security incident on its Discord channel after users reported missing funds and suspicious login attempts.
Social media posts on Reddit and X show that several users received unexpected login alerts and then discovered their balances had been wiped. One user said their account was down to just a penny, even though their devices were not compromised and no other services were affected.
Another user on X reported losing around $2,000, despite having two-factor authentication enabled. A third user said their Polymarket “top 1000” account had been emptied, while a fourth said a test account had been emptied.
Although Polymarket did not name the provider in question, several users pointed to Magic Labs, which allows email connections and automatically creates wallets for users. The tool is popular and allows newcomers who do not have crypto wallets to easily access it, making it a common entry point to Polymarket and other platforms.
The company acknowledged the problem but did not reveal how many users were affected or the amount of money stolen.
“We recently identified and resolved a security issue affecting a small number of users. The issue was due to a vulnerability introduced by a third-party authentication provider,” a company spokesperson said on Discord. “Polymarket takes security extremely seriously and the issue has been resolved. There is no ongoing risk at this time and we will be in contact with affected users.”
Polymarket and Magic Labs did not immediately respond to emails seeking comment.
