Back
Polymarket Confirms Security Breach Linked to Third-Party Authentication Provider

Polymarket Confirms Security Breach Linked to Third-Party Authentication Provider

Polymarket confirms that a vulnerability in Magic Labs’ email login system led to unauthorized account access and asset theft; the flaw is now patched and victims are being contacted.

Summary

Polymarket has fixed a security issue linked to a vulnerability in Magic Labs’ third-party email login system, which allowed unauthorized access to some accounts and asset theft despite two-factor authentication. The breach affected a subset of users who experienced drained balances. The flaw has been patched, and Polymarket is actively contacting all impacted individuals.

Terms & Concepts
  • Two-factor authentication (2FA): An added security layer requiring a second verification factor, such as a code, in addition to a password.
  • Magic Labs: A third-party tool for email-based logins and automatic wallet creation; confirmed as the provider involved in this incident.
  • Polymarket: A blockchain-based prediction market platform where users trade on event outcomes.