Polymarket points to external authentication flaw after user attack.

• Polymarket confirms attack linked to third-party provider.
• Users report losses after logging in via Magic Labs.
• Security flaw reignites about external authentication.

Polymarket, a decentralized prediction markets platform, confirmed that several user accounts suffered recent losses following a security incident associated with a third-party authentication provider. The situation gained visibility after reports began circulating on X and Reddit, with users describing unauthorized access and depletion of balances.

According to testimonies published on social media, the attacks occurred even without any indication of compromise to users' personal devices or email accounts. One of the most shared accounts detailed the surprise at finding closed transactions and virtually no available balance.

"I woke up today and saw 3 login attempts on Polymarket — my device wasn't compromised, Google didn't find anything suspicious, and all other services are working normally."

wrote a user on Reddit.

"Then I went to Polymarket and realized that all my trades had been closed and my balance was $0,01."

Another user claimed to have received three login attempt notifications before funds were drained from their Polymarket account. The case drew attention because, according to them, there was no interaction with suspicious links and two-factor authentication was active on their email, raising questions about the origin of the vulnerability.

Based on reports, the outage appears to have primarily affected users who created accounts through Magic Labs, a service that allows login with an email address and creates non-custodial Ethereum wallets. This registration method is widely used by cryptocurrency beginners, especially those who do not yet have their own digital wallet.

On Tuesday, Polymarket officially acknowledged the issue on its Discord channel, stating that the flaw has been fixed and there are no ongoing risks. “We recently identified and resolved a security issue affecting a small number of users,” Polymarket wrote. “The issue was caused by a vulnerability introduced by a third-party authentication provider.” The company also stated that it will contact affected users directly.

Despite its statement, the platform did not disclose how many accounts were affected or the total value of the losses, nor did it confirm which provider was involved. The episode, however, rekindles memories of previous incidents at Polymarket, including cases where similar exploits of external services resulted in the diversion of funds and phishing campaigns that exploited functionalities of the platform itself.