Decentralized prediction market platform Polymarket has confirmed that several users were affected by a recent security breach linked to a vulnerability in a third-party authentication provider. The issue impacted users who registered or logged into Polymarket through Magic Labs, a service that enables email-based sign-ins and creates non-custodial Ethereum wallets.

Users report account compromises

Reports began to surface on Monday on X and Reddit, where users described unauthorized login attempts and drained balances. One Reddit user, Sandwich_1337, wrote:

“Today I woke up and see 3 attempts to login to Polymarket — My device isn’t compromised, Google found nothing suspicious, all other services are fine.”

The same post noted that the user later saw every deal closed and a wallet balance reduced to just $0.01.

Other individuals in the same discussion thread said they had similar experiences, with multiple login attempts reported before funds disappeared from their accounts. Some stated that their email accounts had two-factor authentication enabled, suggesting that attackers exploited a connection between Polymarket’s authentication system and the third-party service rather than breaching users’ devices directly.

Based on user observations, the problem appeared to affect Magic Labs-linked accounts more than others. The setup typically serves first-time crypto users who lack preexisting wallets and who opt for email-based access on decentralized platforms.

Polymarket acknowledges and addresses the issue

On Tuesday, Polymarket confirmed the situation on its official Discord. The platform said the event was limited in scope and has now been resolved.

“We recently identified and resolved a security issue affecting a small number of users,” Polymarket wrote. “The issue was caused by a vulnerability introduced by a third-party authentication provider.”

Polymarket said there are no ongoing risks and that security systems have been reinforced. However, the company did not specify how many users were impacted or disclose the total value of lost funds. The third-party provider involved was also not named publicly.

“We will be in contact with impacted users,” the post concluded.

The company did not publish a timeline for user compensation or wallet recovery processes.

Pattern of recurring security issues

This is not the first time Polymarket users have faced wallet-related security problems tied to authentication tools. In September 2024, users who logged in through their Google accounts reported wallet drains involving “proxy” contract functions that redirected USDC tokens to phishing addresses. At that time, Polymarket said that a third-party authentication layer may have allowed attackers to impersonate users.

In November 2024, a phishing campaign exploited the platform’s comment section, leading to about $500,000 in losses, as Teiss reported. Fraudulent links that resembled official Polymarket pages tricked users into re-entering email credentials, giving scammers indirect wallet access.

Review credentials and linked wallets

People who used Magic Labs authentication should look for strange behavior in their browser sessions and linked wallets. They should revoke the permissions they granted to outside apps and move any remaining funds to new wallets.

Polymarket says all vulnerabilities identified in cooperation with its third-party providers have been fixed. Still, repeated exposure to similar issues over two years has renewed discussion about how decentralized applications depend on centralized sign-in services.

While Polymarket states that “no lingering risks remain,” affected users continue to report balance mismatches and difficulty retrieving transaction records on community platforms. The company has reiterated its intention to contact each impacted user directly.

