Polymarket user accounts were hacked, causing controversy. The official response: it is related to third-party login tools.

Decentralized Prediction Market Polymarket Recently Faces Account Security Controversy. Multiple users have reported that their Polymarket accounts were hacked without any abnormal activity, and funds within the accounts were quickly transferred out. In response to these series of account thefts, Polymarket officials have attributed the issue to an unnamed third-party login service provider.

According to the platform’s response on its official Discord channel, after user reports of fund loss and suspicious login activity, Polymarket confirmed that a security incident had occurred. Multiple posts from users on Reddit and X indicate that some users, after receiving login alerts not initiated by themselves, found their account balances emptied. One user stated that their device and other accounts had not been compromised, but only $0.01 remained in their Polymarket account.

Another user revealed that even with two-factor authentication (2FA) enabled, they still lost about $2000 worth of assets. Yet another user claimed that their top 1000 main Polymarket account was emptied, and even test accounts were not spared. These cases further heightened market concerns over Polymarket account security and the risks associated with third-party authentication.

Although Polymarket did not explicitly name the specific third-party service provider, many users on social platforms pointed out that the issue might be related to Magic Labs. Magic Labs offers email login and automatic wallet creation, lowering the barrier for new users to access Web3 platforms, and is widely used for accessing Polymarket and other decentralized applications.

In a statement, Polymarket acknowledged the existence of security vulnerabilities but did not disclose the number of affected users or the scale of stolen funds. A company spokesperson stated that the issue stemmed from a vulnerability introduced by the third-party authentication provider, which has now been fixed. The platform currently does not pose ongoing security risks and will proactively contact affected users.

As of now, neither Polymarket nor Magic Labs has responded further to external inquiries. This incident has also reignited industry discussions on third-party login tools, secure custody solutions, and user asset protection mechanisms on decentralized platforms. As prediction markets and Web3 application user bases expand, account security and authentication risks may become key factors in platform competition.