Polymarket confirms that recent user account hacks were caused by third-party vulnerabilities

On December 24, the decentralized prediction market platform Polymarket confirmed that a recent security vulnerability involving a third-party identity verification provider affected multiple users. Earlier this week, reports of Polymarket account hacks began appearing on X and Reddit, with affected users detailing their losses on social media. According to user reports on social media, the issue seems to have impacted users who registered with Polymarket through Magic Labs. Magic Labs allows users to log in with an email address and create non-custodial Ethereum wallets. The Magic Labs registration service is widely used by many cryptocurrency newcomers who do not have digital asset wallets. On Tuesday, Polymarket acknowledged the security issue on its official Discord channel, stating: “We recently discovered and resolved a security issue affecting a small number of users. The issue was caused by a vulnerability introduced by a third-party identity verification provider.” However, Polymarket did not disclose the number of affected users or the amount stolen, nor did it specify the third-party service provider involved in the incident. The platform stated that the issue has been resolved and there is no potential risk. (The Block)