In response to recent incidents where users’ assets were stolen by hackers, decentralized prediction market platform Polymarket confirmed on Tuesday that the breach was caused by security vulnerabilities in a third-party authentication service provider.
No phishing links clicked, two-factor authentication enabled, yet accounts still emptied
This cybersecurity incident has been brewing since the beginning of this week, with many users posting pleas for help on Reddit and X, describing the tragic story of their account assets disappearing. One user pointed out in a Reddit discussion:
This morning I woke up to notifications on my phone about 3 login attempts to Polymarket. My device was not hacked, and my Google account showed no anomalies, but when I quickly logged into Polymarket to check, I found all my trades had been closed out, and my account balance was only $0.01.
Another distressed user on the message board experienced the same attack pattern: after receiving 3 login alerts, their funds were immediately looted. Alarmingly, this user emphasized that they had never clicked any phishing links and had even enabled “two-factor authentication (2FA)” on their email, yet they still couldn’t stop the hackers.
Based on victim reports compiled on social media, this attack seems to specifically target users who registered on Polymarket via Magic Labs.
Magic Labs is a third-party login and wallet service designed specifically for Crypto “beginners.” Users do not need to have complex private key management knowledge; they can quickly register with an email, and the system automatically generates a “non-custodial Ethereum wallet” in the background.
Although Magic Labs lowers the barrier to entry into the Crypto space, this attack demonstrates that a third-party verification service that claims to be convenient can become a shortcut for hackers if security vulnerabilities arise.
After remaining silent for several days, Polymarket finally responded to the incident on Tuesday via their official Discord channel:
We recently discovered and resolved a security issue affecting a small number of users. This incident was caused by a vulnerability in a third-party identity verification service provider.
However, Polymarket did not specify the number of affected users, nor disclose the total amount of stolen funds, and did not name the involved third-party service provider. The platform only emphasized that the relevant vulnerability has been patched and that no ongoing risks have been observed.
Polymarket added that they will proactively contact all affected users. Whether they will fully compensate users for their losses remains to be clarified.
Disclaimer: This article is for market information only. All content and opinions are for reference only and do not constitute investment advice. They do not represent the objective views and positions of BlockCast. Investors should make their own decisions and transactions. The author and BlockCast will not be responsible for any direct or indirect losses resulting from investor transactions.
Woke up to find the account balance remaining at $0.01! Polymarket confirms that some users were hacked due to third-party vulnerabilities.