Polymarket cites third-party vulnerability in recent user account hack

Decentralized prediction market platform Polymarket confirmed a recent security breach affecting multiple users, who reported drained balances after suspicious login attempts. The issue was attributed to a vulnerability in a third-party authentication provider, specifically affecting users who signed up through Magic Labs, which creates non-custodial Ethereum wallets via email sign-in. Polymarket acknowledged the issue on Discord, stating it has been resolved with no ongoing risks, and promised to contact impacted users, though the number of affected users and total losses were not disclosed. This incident echoes a similar security issue in September 2024 involving Google logins and a third-party provider.

(Source：The Block)