Polymarket Breach: Users Lose Thousands as Third-Party Login Tool Is Blamed

Your crypto might not be as safe as you think, especially if you're using a simple email login. Prediction market platform Polymarket is grappling with a series of account breaches, with users reporting their funds have been drained. The platform points the finger at a third-party login provider, exposing a critical vulnerability in the quest for user-friendly crypto access.

Vanishing Funds and a Vague Explanation

According to reports from December 24, 2025, users took to social media platforms like Reddit and X to report unexpected login alerts followed by wiped balances. One user claimed a loss of around $2,000 despite having two-factor authentication (2FA) enabled. Another reported their account balance plummeting to just one cent.

In response, Polymarket confirmed the security incident on its Discord channel, attributing it to a vulnerability from an unidentified third-party authentication provider. The company, however, did not disclose the number of affected users or the total amount stolen.

Magic Labs Under Scrutiny

While Polymarket has not officially named the provider, user speculation is heavily focused on Magic Labs. Magic Labs is a popular tool that simplifies Web3 access by allowing email-based logins and automatically creating wallets for users. Its ease of use has made it a common entry point for newcomers on platforms like Polymarket.

A Polymarket spokesperson stated on Discord, "The issue was caused by a vulnerability introduced by a third-party authentication provider... the issue has been remediated. There is no ongoing risk at this time." Neither Polymarket nor Magic Labs immediately responded to PRISM's request for comment.