PiCK
Polymarket: Third-party authentication tool vulnerability exploited… some users report funds lost
Summary
- Polymarket said some users' funds were leaked due to a security vulnerability in a third-party authentication tool.
- The company emphasized that the security issue has already been resolved and there is no further risk.
- The industry said the need to strengthen authentication and wallet integration security for prediction market platforms has been raised.
On the prediction market platform Polymarket, reports that some users' accounts were breached and funds were leaked have been mounting, and the company said a security vulnerability in a third-party authentication tool was the cause. Polymarket said it has already fixed the issue and that there is no additional risk.
On the 25th (local time), Cointelegraph reported that Polymarket announced on its official Discord the previous day that it had "identified and addressed a security issue affecting a small number of user accounts." Polymarket said the incident was caused by a vulnerability in a third-party authentication provider, not by its internal systems.
Polymarket said, "The security issue has already been remedied and there is no ongoing threat," and "we will contact affected users individually." However, it did not disclose specific numbers of affected users or the amount of funds leaked.
This explanation came after reports of incidents spread on social media such as Reddit and X. Some users claimed that after multiple login attempts on their accounts, all of their funds were withdrawn.
One Reddit user said, "There were three login attempts in one day and then all transactions were settled and the balance was nearly zero," adding, "No security anomalies were found on personal devices or other services."
Some users suspected that Magic Labs, an external wallet service linked to Polymarket, might have been the cause of the incident. A user on X claimed, "Funds were drained from a Polymarket wallet created via Magic Labs," and "I did not click any phishing emails or links."
This is not the first time Polymarket user accounts have had security issues. At the end of last year, there were reports of some user accounts being compromised during login via Google accounts. The industry says that as the number of users and the transaction volume of prediction market platforms rapidly expand, the need to review authentication and wallet integration security is being highlighted again.
YM Lee
20min@bloomingbit.ioCrypto Chatterbox_ tlg@Bloomingbit_YMLEE
![Despite Trump’s pledge to ‘cut’… “U.S. debt ratio set to hit post-WWII high” [Lee Sang-eun’s Washington Now]](https://media.bloomingbit.io/PROD/news/8c7809d5-0bc5-4094-8563-4dbd8393af0f.webp?w=250)
![Selling pressure despite a 'surprise jobs report'… the three major indexes end slightly lower [New York Stock Market Briefing]](https://media.bloomingbit.io/PROD/news/71d04eea-1cc0-4ced-a1e2-c695c8d95cac.webp?w=250)
