Polymarket Hack: Third-Party Vulnerability Drains User Funds
Polymarket has confirmed that a recent wave of wallet drains affecting user accounts was caused by a security vulnerability tied to a third-party authentication provider, following days of complaints from users who said their balances were emptied after unexplained login attempts. The decentralized prediction market platform said the issue has now been fixed and that there is no ongoing risk, though it has not disclosed how many users were affected or the total value of funds lost.

Polymarket said that multiple user accounts recently suffered fund losses due to a security vulnerability in a third-party authentication service. The issue has been fixed and no ongoing risk remains. Some users reported on social media that their funds were drained after… — Wu Blockchain (@WuBlockchain) December 24, 2025

Login Emails, Empty Accounts: Polymarket Users Describe Sudden Fund Losses
Reports of suspicious activity began circulating earlier this week on X and Reddit, where several users described receiving multiple login notification emails despite not attempting to access their accounts. In multiple cases, users said they logged in hours later to find their positions closed and balances nearly zero.

One Reddit user wrote that three login attempts were flagged while their email and other online accounts showed no signs of compromise, adding that their Polymarket funds were drained at the same time the login emails were sent. Another user provided a detailed account suggesting the breach may have involved weaknesses in the platform’s one-time password system at the time of the incident.

A bunch of people reporting their polymarket accounts using magic link were drained. Possibly an ongoing security issue with magic link (though can never rule out user error / phishing). A few from discord posted below but I've seen more reports. pic.twitter.com/hQkyzJdE6V — Spreek (@spreekaway) December 23, 2025

According to the user, the login codes were only three digits long and may have been vulnerable to brute-force attempts. The user noted that shortly after the incident, Polymarket appeared to increase the OTP length to six digits, though the company has not publicly commented on that specific claim.

if you have ever used or downloaded this @Polymarket trading bot, move your funds to a new wallet immediately this repo called simone46b/polymarket-trading-bot contains a malicious npm package called polystream/streaming, it pretends to be a sha256 validation utility, but it is… — Saurav (@0x_saurav) December 22, 2025

User reports have pointed to a common thread among affected accounts. Several said they had signed up through Magic Labs, a popular onboarding service that allows users to log in with email addresses and automatically creates non-custodial Ethereum wallets. Magic Labs is widely used by newer crypto users who do not already manage their own wallets.

While Polymarket did not name the authentication provider involved, it acknowledged in a message posted to its official Discord channel that the vulnerability originated from a third-party service.

Source: Polymarket Discord

The platform said it would contact impacted users directly but did not offer details on reimbursements or recovery options.

Third-Party Breaches Keep Haunting Crypto Platforms
The incident is not the first time Polymarket has faced security-related concerns tied to external services. In September 2024, users who logged in through Google accounts reported wallet drains involving unauthorized proxy transactions that moved USDC funds to phishing addresses. At the time, Polymarket investigated the events as potentially targeted exploits linked to third-party authentication tools.
More recently, a phishing campaign that abused the platform’s comment sections resulted in losses exceeding $500,000 after users were redirected to fake login pages.

The breach comes amid a broader rise in third-party security failures across the crypto and technology sectors. This week, crypto tax software firm Koinly warned users that email addresses may have been exposed following a breach at Mixpanel, an analytics provider it previously used.

@KoinlyOfficial warns a third-party breach may have exposed user emails but stresses that no wallet, transaction, tax, or portfolio data was shared with Mixpanel. #CryptoSecurity #CryptoTax #Koinly https://t.co/ASDxMchfyg — Cryptonews.com (@cryptonews) December 23, 2025

Koinly reported that no financial or tax information had been breached and that it no longer uses the service. Elsewhere, Swiss crypto platform SwissBorg reported a loss of 41 million earlier this year after attackers compromised an API provider, and Discord and a number of DeFi protocols have also reported attacks related to external vendors.

SwissBorg hit by $41.5M $SOL hack after API compromise amid cascade of crypto security failures, including Nemo and Aqua exploits. #CryptoHack #Solana https://t.co/ztUl2s0yxv — Cryptonews.com (@cryptonews) September 8, 2025

Security researchers have consistently warned that relying on third-party infrastructure can increase the attack surface, particularly as crypto platforms grow.

The post Polymarket Hack: Third-Party Vulnerability Drains User Funds appeared first on Cryptonews.