Haciyev Reşit 
As interest in decentralized applications continues to grow in the cryptocurrency market, security risks are once again coming into focus. Decentralized prediction market platform Polymarket has confirmed that some user accounts were affected due to a vulnerability in a third-party identity authentication provider. While users reported that funds in their accounts had decreased or been completely drained, Polymarket stated that the issue has been resolved.
User Complaints Trend on Social Media
Since the beginning of the week, posts from Polymarket users on platforms such as X and Reddit have drawn attention. Many users reported unauthorized login attempts on their accounts and said their balances had been emptied. The fact that even technically knowledgeable users were affected has heightened concerns that the security flaw may be systemic rather than the result of individual mistakes.
One Reddit user stated that they noticed repeated login attempts on their account and, upon accessing the platform, found that all their positions had been closed and their balance nearly wiped out. Similarly, other users reported fund losses despite not clicking on any suspicious links and having two-factor authentication enabled on their email accounts.
According to user feedback, the security breach is alleged to have primarily affected users who registered on Polymarket via Magic Labs infrastructure. Magic Labs is known as a third-party provider that enables email-based login and creates non-custodial Ethereum wallets. Due to its ease of use, this system is widely preferred by investors new to crypto. These claims have reignited discussions about the risks that third-party authentication services can pose to decentralized platforms.
Official Statement from Polymarket
Polymarket acknowledged the security incident in a statement shared on its official Discord channel on Tuesday. The platform said:
“We recently identified and resolved a security issue that affected a small number of users. The issue stemmed from a vulnerability related to a third-party identity authentication provider.”
The company did not disclose the number of affected users or the total value of the stolen funds, nor did it name the third-party provider responsible. However, it emphasized that the vulnerability has been fixed and that there is currently no ongoing risk.
Similar Incidents Occurred in the Past
This incident has once again brought Polymarket’s previous security issues back into the spotlight. In September 2024, some users who logged in via Google accounts reported that their wallets had been drained. At the time, it was explained that attackers redirected USDC assets to phishing addresses by exploiting “proxy” function calls.
Additionally, last month, a phishing campaign targeting the platform’s comment sections reportedly caused users to lose more than $500,000. In those attacks, user login credentials were obtained through fake links.
You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates