Polymarket confirms user accounts were hacked due to a third-party authentication vulnerability

According to The Block, the crypto prediction market platform Polymarket confirmed on December 24 that multiple user accounts were hacked due to a security vulnerability in a third-party authentication provider. Affected users reported on social media that their funds were drained even with two-factor authentication enabled. The issue appears to be related to the email login service provided by Magic Labs, which is a common registration method for many first-time cryptocurrency users.

Polymarket stated that it has resolved this security issue and there is currently no ongoing risk, but it did not disclose the number of affected users or the amount of losses.