---
title: "Polymarket Blames Third-Party Login Provider for User Account Hacks"
date: 2025-12-24
author: "Barry Elad"
featured_image: "https://sqmagazine.co.uk/wp-content/uploads/2025/12/polymarket-faces-third-party-login-issues-and-user-account-hacks.jpg"
categories:
  - name: "Cryptocurrency"
    url: "/crypto.md"
tags:
  - name: "News"
    url: "/tag/news.md"
---

# Polymarket Blames Third-Party Login Provider for User Account Hacks

Several Polymarket users reported unexpected losses just before Christmas, prompting the platform to confirm a security issue tied to a third-party login service.

## Quick Summary – TLDR:

- Multiple Polymarket users had their accounts drained, reportedly due to a vulnerability in a third-party authentication provider.
- The issue mainly impacted users who signed in using Magic Labs’ email-based login, not those using direct wallet connections.
- Polymarket says the flaw has been fixed and no ongoing risks remain, though exact user impact is undisclosed.
- This incident adds to a growing list of security issues involving Web3 platforms and third-party services.

## What Happened?

Between December 22 and 24, users on Reddit, X, and [Discord](https://sqmagazine.co.uk/discord-statistics/) began reporting that their Polymarket accounts were showing suspicious login attempts followed by balance wipes. Many confirmed that **their devices were secure**, two-factor authentication was enabled, and no phishing links had been clicked. Despite these precautions, their **account funds were gone**.

Polymarket quickly responded through its official Discord, acknowledging a **security vulnerability linked to a third-party authentication provider**. While the platform stopped short of naming the provider, all signs pointed to **Magic Labs**, which powers email-based logins and non-custodial Ethereum wallets for first-time crypto users.

> ICYMI: [@Polymarket](https://twitter.com/Polymarket?ref_src=twsrc%5Etfw) has stated that the recent security breach that led to several account hacks was the result of a third-party authentication provider, Magic Labs. [pic.twitter.com/VDPoAWQdHj](https://t.co/VDPoAWQdHj)
> 
> — crypto.news (@cryptodotnews) [December 24, 2025](https://twitter.com/cryptodotnews/status/2003826494507028797?ref_src=twsrc%5Etfw)

## Accounts Drained Despite Precautions

Affected users shared a common pattern. Most had used Magic Labs’ login system, sometimes referred to as a “magic link,” allowing them to access Polymarket using just an email.

> Caution if you’re using magic links for your [@Polymarket](https://twitter.com/Polymarket?ref_src=twsrc%5Etfw) account. There appears to be a coordinated attempt to drain accounts accessed via magic link, possibly by exploiting an underlying vulnerability.
> 
> — shawtyisaten (@shawtyis\_a\_10) [December 23, 2025](https://twitter.com/shawtyis_a_10/status/2003292446705484099?ref_src=twsrc%5Etfw)

- **One Reddit user noted, “Today I woke up and see 3 attempts to login to Polymarket… all my deals were closed and balance is $0.01.”**
- Another user said they also saw three login attempts before their account was drained, despite not clicking any suspicious links and having 2FA enabled.

Reports consistently mentioned that **direct wallet users were not affected**, and the **core Polymarket [smart contracts](https://sqmagazine.co.uk/smart-contract-bug-bounties-statistics/) remained secure**.

## No Ongoing Risk, Says Polymarket

Polymarket has stated that the vulnerability has been patched, and there is **no continuing threat** to user accounts. The platform has begun contacting those affected but **has not shared how many users were impacted or how much was lost**. A spokesperson confirmed:

> The issue was caused by a vulnerability introduced by a third-party authentication provider. We recently identified and resolved the issue. We will be in contact with impacted users.
> 
> Polymarket Spokesperson

This incident mirrors previous ones the platform has faced:

- In **September 2024**, attackers drained wallets using proxy function calls on accounts linked via Google logins.
- In **November 2025**, a [phishing campaign](https://sqmagazine.co.uk/brooklyn-coinbase-phishing-crypto-scam/) in comment sections resulted in over **$500,000 in losses**, although that attack relied on deceptive links, not technical flaws.

## Bigger Risk in Web3 Login Systems

While Polymarket’s main protocol was untouched, this breach highlights an ongoing challenge in crypto: **balancing ease of use with security**. Services like Magic Labs are attractive for newcomers because they eliminate the need for traditional [crypto wallets](https://sqmagazine.co.uk/cryptocurrency-cold-wallet-statistics/) or managing private keys. However, these conveniences can become liabilities.

This event reaffirms the **“weakest link” problem** in Web3: a secure protocol can still be undermined by third-party integrations.

## Regulatory and Market Context

The timing of the incident is notable. In recent months, Polymarket has seen **significant growth**, recording over **$3 billion in trading volume** and **338,000 unique traders** by October. It also received an **Amended Order of Designation from the U.S. Commodity Futures Trading Commission (CFTC)**, allowing it to operate under a federal regulatory framework.

With this new spotlight, **security concerns are even more critical**. Although the breach was relatively contained, it may prompt the platform to rethink its approach to user onboarding and third-party dependencies.

## SQ Magazine’s Takeaway

This is one of those “hard lesson” moments for both platforms and users in Web3. I get the appeal of quick email-based logins, especially for newcomers who want to skip the wallet setup. But stories like this show how fragile that convenience can be. Even if the core tech is rock-solid, one crack in the login system can shatter user trust. If you’re jumping into crypto, now’s a good time to reconsider how you secure your assets. For Polymarket, it’s not just about fixing the issue but proving they’ve learned from it.