Polymarket: Third-party authentication vulnerability leads to the theft of a small number of user accounts.

Odaily Planet Daily reports that Polymarket has detected and resolved a security issue affecting a "small number of users," caused by a vulnerability introduced by a third-party authentication provider. Previously, multiple Polymarket users reported on Reddit and the X platform that their accounts experienced unauthorized logins, funds were wiped out, and trading positions were forcibly closed.

The affected users were primarily those who logged in via email through Magic Labs. Some victims reported that despite enabling two-factor authentication (2FA) and their devices not being illegally accessed, their accounts were still stolen after multiple abnormal login attempts. Polymarket has confirmed that the vulnerability has been fixed and there is currently no persistent risk. The platform is directly contacting affected users. Previously, in late 2024, the platform also experienced a similar incident where some users logging in via Google had their assets stolen due to a third-party plugin vulnerability.