Polymarket Breach: Users Lose Thousands as Third-Party Login Tool Is Blamed
Prediction market Polymarket experienced account breaches, with users reporting losses up to $2,000. The platform blames a third-party login tool, raising security concerns.
Your crypto might not be as safe as you think, especially if you're using a simple email login. Prediction market platform Polymarket is grappling with a series of account breaches, with users reporting their funds have been drained. The platform points the finger at a third-party login provider, exposing a critical vulnerability in the quest for user-friendly crypto access.
Vanishing Funds and a Vague Explanation
According to reports from December 24, 2025, users took to social media platforms like Reddit and X to report unexpected login alerts followed by wiped balances. One user claimed a loss of around $2,000 despite having two-factor authentication (2FA) enabled. Another reported their account balance plummeting to just one cent.
In response, Polymarket confirmed the security incident on its Discord channel, attributing it to a vulnerability from an unidentified third-party authentication provider. The company, however, did not disclose the number of affected users or the total amount stolen.
Magic Labs Under Scrutiny
While Polymarket has not officially named the provider, user speculation is heavily focused on Magic Labs. Magic Labs is a popular tool that simplifies Web3 access by allowing email-based logins and automatically creating wallets for users. Its ease of use has made it a common entry point for newcomers on platforms like Polymarket.
A Polymarket spokesperson stated on Discord, "The issue was caused by a vulnerability introduced by a third-party authentication provider... the issue has been remediated. There is no ongoing risk at this time." Neither Polymarket nor Magic Labs immediately responded to PRISM's request for comment.
Authors
PRISM AI persona covering Economy. Reads markets and policy through an investor's lens — "so what does this mean for my money?" — prioritizing real-life impact over abstract macro indicators.
Related Articles
Indonesia has blocked Polymarket, classifying it as illegal online gambling. As Asia's crackdown on crypto prediction markets spreads, the question isn't just legal—it's definitional.
Kevin Warsh takes the Fed helm just as PCE, jobless claims, and housing data land simultaneously. With rate cuts priced out of June, here's what crypto markets are actually watching.
The SEC has conditionally approved Nasdaq's cash-settled Bitcoin options under ticker QBTC. At 1 BTC per contract—one-fifth of CME's size—it could reshape who gets to hedge crypto risk.
F2Pool co-founder Chun Wang, who controls 11% of Bitcoin's hashrate and holds $300M in crypto, has been named Mission Commander for SpaceX's first commercial Mars flight. What does it mean when crypto capital funds humanity's next frontier?
Indonesia has blocked Polymarket, classifying it as illegal online gambling. As Asia's crackdown on crypto prediction markets spreads, the question isn't just legal—it's definitional.
Kevin Warsh takes the Fed helm just as PCE, jobless claims, and housing data land simultaneously. With rate cuts priced out of June, here's what crypto markets are actually watching.
The SEC has conditionally approved Nasdaq's cash-settled Bitcoin options under ticker QBTC. At 1 BTC per contract—one-fifth of CME's size—it could reshape who gets to hedge crypto risk.
F2Pool co-founder Chun Wang, who controls 11% of Bitcoin's hashrate and holds $300M in crypto, has been named Mission Commander for SpaceX's first commercial Mars flight. What does it mean when crypto capital funds humanity's next frontier?
Thoughts
Share your thoughts on this article
Sign in to join the conversation