Polymarket has just disclosed that a security issue affected certain user accounts. It suggests that a weakness in a third-party authentication provider enabled unauthorised access and caused losses for multiple victims. The site claims it has resolved the issue and that there is no longer any persistent risk.
Polymarket refused to deny that a security vulnerability on its platform had affected some of its users. One of these individuals reported the hack on Reddit, claiming that there were three attempts to enter their Polymarket account.
“Today I woke up and saw three attempts to log in to polymarket — My device isn’t compromised, Google found nothing suspicious, all other services are fine,” a member of the Reddit community posted. “So I went to Polymarket and realised that all my deals were closed and the balance is $0.01.”
Another user in the comments area claimed to have had a similar security incident, receiving three attempted login notifications before cash was taken from their Polymarket account, despite not clicking any links and having two-factor authentication activated in their email.
According to user complaints on social media, the problem appears to have affected customers who signed up for Polymarket using Magic Labs, which allows users to sign in using email addresses and construct non-custodial Ethereum wallets. Magic Labs sign-up is popular among first-time cryptocurrency users who do not currently have digital asset wallets.
According to one user, when he contacted the Polymarket staff, they stated that Polygon was responsible. “First-line AI support told me it was a problem with Polygon, which is patently nonsense. Then a human told me how to track where my funds went,” the trader added.
The most ridiculous aspect is that this idea has already taken off on Polymarket. In September 2024, individuals reported financial withdrawals after checking in using Google. USDC transfers to phishing addresses followed this, whereas wallet extension users appeared less vulnerable. As if it wasn’t enough, a phishing campaign was revealed through comments in November 2025, resulting in over $500,000 in alleged losses.
Polymarket is rapidly transforming into a new behemoth with its entry into the US market. This month, the platform had 419,309 active users, 19.63 million transactions, and a total trading volume of $1.538 billion.
Furthermore, in 2025, the Polygon mainnet had 15 separate network anomalies, maintenance events, or outages, some of which caused delays in Polymarket order matching. The most recent outage happened on December 18. Furthermore, the relatively fragile ecology has objectively become a restriction.
However, this will affect the Polygon network. Defillama data shows that all positions on the Polymarket platform are currently worth around $326 million. This is a quarter of the $1.19 billion locked up on the Polygon network.
Additionally, Coin Metrics reported that Polymarket transactions consumed approximately 25% of Polygon’s total network gas. Dune statistics also show that Polymarket transactions utilised approximately $216,000 in petrol in November. According to Token Terminal statistics, Polygon utilised around $939,000 in petrol in the same month, or about 23%.
