Polymarket points to third-party login tool after users report account breaches
CoinDesk
Polymarket attributed recent user account breaches, resulting in wiped balances, to a vulnerability in a third-party authentication provider.Summary
Prediction market Polymarket confirmed a security incident where several users reported missing funds and suspicious login attempts, leading to drained accounts, sometimes despite having two-factor authentication enabled. The platform blamed an unidentified third-party login provider for the issue, which users speculated was Magic Labs, a popular email-based login tool that automatically creates wallets for newcomers. Polymarket stated the vulnerability has been resolved, there is no ongoing risk, and they will contact affected users, though they did not disclose the number of users impacted or the total amount stolen.
(Source:CoinDesk)