Prediction market platform Polymarket has confirmed that several users were affected by an account compromise linked to a vulnerability at a third-party provider.
Earlier this week, users began posting on social media about unauthorized login attempts and balances being drained. One customer wrote on Reddit that they woke up to three attempted logins to their Polymarket profile. According to the user, their device showed no signs of compromise, Google did not flag suspicious activity, and other services appeared normal. After logging in, they found all positions closed and their balance reduced to $0.01.
Another user reported receiving a series of login notifications before discovering missing funds. The person emphasized that they had not clicked any suspicious links and had two-factor authentication enabled.
Based on comments from the community, the incident may have impacted Polymarket clients who used Magic Labs — a service that enables email-based logins and creates non-custodial Ethereum wallets. This method is particularly popular among new crypto users due to its simplicity.
Polymarket said it has already identified and fixed the issue.
“We recently discovered and resolved a security issue affecting a small number of users. The issue was caused by a vulnerability introduced by a third-party authentication provider,” the company stated.
The platform did not disclose the exact number of affected users, the total amount of losses, or the name of the provider involved.
Not the first incident
This is not the first time Polymarket users have faced similar problems. In September 2024, several users who logged in via Google reportedly had their wallets completely drained. Attackers allegedly used proxy-function manipulation to automatically transfer USDC to their own addresses. Polymarket’s internal investigation suggested that the vulnerability in that case was also tied to a third-party authentication provider.
In November 2025, scammers launched a large-scale phishing campaign in Polymarket’s comments section, sharing malicious links disguised as official resources to steal credentials. Losses from that scheme were reported to exceed $500,000.
Polymarket has also recently resumed operations in the United States after settling a dispute with a local regulator.










