Платформа предсказаний Polymarket вновь сталкивается с проблемой безопасности из-за уязвимости стороннего провайдера Prediction platform Polymarket faces security issue again due to vulnerability from third-party provider.

The prediction platform Polymarket has confirmed that several users have been affected by a hack related to a vulnerability in a third-party provider.

This week, social media posts began surfacing where users reported unauthorized login attempts and the draining of their account balances.

«I woke up today to find that there had been three login attempts on my Polymarket profile. My device is not compromised, Google found nothing suspicious, and all other services are functioning properly. I logged onto the platform and saw that all my trades were closed, leaving me with a balance of $0.01,» wrote one user on Reddit.

Another victim reported receiving a series of notifications about login attempts before discovering missing funds. This user emphasized that they had not clicked on any suspicious links and were utilizing two-factor authentication.

Based on comments, the issue seems to have affected Polymarket customers who were using the Magic Labs service, which allows logins via email and creates non-custodial Ethereum wallets. This method is particularly favored by novice crypto investors.

«We recently identified and resolved a security issue that affected a small number of users. The problem was caused by a vulnerability introduced by a third-party authentication provider,» Polymarket stated.

The platform did not disclose the exact number of victims, the total financial loss, or the name of the provider responsible for the issue.

This isn’t the first incident of its kind for Polymarket. In September 2024, several users who logged in through Google fell victim to complete wallet depletion.

Hackers exploited proxy function manipulations to automatically withdraw USDC to their own addresses. An investigation by the platform revealed that the vulnerability was also linked to third-party authentication providers.

In November 2025, fraudsters launched a large-scale phishing campaign in the comments section of Polymarket. They distributed phishing links disguised as official resources to trick victims into revealing their credentials. The damage from this scheme exceeded $500,000.

It’s worth noting that Polymarket resumed operations in the U.S. after resolving a dispute with the local regulator.