Prediction Market Polymarket blamed an unnamed third-party login provider for recent account breaches reported by several users.
The platform confirmed the security incident on its Discord channel after users reported missing funds and suspicious login attempts.
Social media posts from Reddit and X show that several users received unexpected login alerts and later discovered their balances had been deleted. One user said their bill was reduced to just one cent even though their devices were not compromised or other services affected.
Another X user said they lost around $2,000, despite having two-factor authentication enabled. A third user said their “top 1000” Polymarket account had run out, while a fourth said a test account had run out.
While Polymarket did not name the provider in question, several users pointed to Magic Labs, which allows email-based logins and automatically creates wallets for users. The tool is popular and allows newcomers who don’t have crypto wallets to easily access one, making it a common entry point to Polymarket and other platforms.
The company acknowledged the problem but did not reveal how many users were affected or the amount of money stolen.
“We recently identified and resolved a security issue affecting a small number of users. The issue was caused by a vulnerability introduced by a third-party authentication provider,” a company spokesperson said on Discord. “Polymarket takes security very seriously and the issue has been resolved. There is no ongoing risk at this time and we will contact affected users.”
Polymarket and Magic Labs did not immediately respond to emails seeking comment.
