Polymarket exploited by hackers through third-party vulnerabilities, thousands of user funds drained

2025-12-24 08:14:10

【ChainNews】Polymarket has encountered trouble this time. Recently, users of the decentralized prediction market platform experienced theft incidents, and the official confirmation was that a system vulnerability in the third-party authentication service provider Magic Labs was to blame.

What’s more upsetting is that some users who registered through Magic Labs, even without clicking any suspicious links and having enabled two-factor authentication protection, still had their funds transferred out. This directly hits the pain point of Web3 users — no matter how cautious you are, you can’t prevent issues caused by underlying service providers.

The good news is that the official statement says the vulnerability has been fixed, and there is currently no ongoing risk. Affected users will be notified separately about the handling plan. However, the platform has not disclosed how many people were affected or the scale of the losses, which has also raised some doubts.

This incident also serves as a reminder to all Web3 users that even when operating on well-known platforms, you should stay vigilant — the security defenses of third-party service providers can sometimes be weaker than the platform itself.

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.

10 Likes

Reward
10
5
Repost
Share

Comment

0/400

MonkeySeeMonkeyDo

· 9h ago

It's another case of a third party taking the blame. I told you Magic Labs is unreliable. Being cautious is useless; if the underlying system crashes, no one can save it. How badly did Polymarket suffer this time? Why is the official still hiding things?

View OriginalReply0

GasFeeCrier

· 9h ago

Magic Labs has messed up again, and now Polymarket users have lost everything. Two-factor authentication was useless. Our circle is really unpredictable; no matter how careful we are, we still fall into others' hands. Why hasn't Polymarket clearly explained how much they will compensate? Their attitude is a bit frustrating. Third-party vulnerabilities have long been a curse. When will they be truly resolved?

View OriginalReply0

MoodFollowsPrice

· 9h ago

Once again, third-party service providers are digging holes, which is outrageous. Two-factor authentication can't save you. Magic Labs has really fallen apart this time. It feels like there's no such thing as absolute security in Web3. Waiting for official notification again, and who knows if they'll compensate. If even two-factor authentication can't prevent breaches, then what can I trust? Polymarket users are going to lose everything this time. Heartbreaking. Really, even with well-known platforms, you have to be cautious. Who knows what the service providers behind the scenes are up to? They say they've fixed it but don't disclose how much was lost. The transparency is indeed worrying. The key question is how many such vulnerabilities are still undiscovered. Just thinking about it gives me a headache.

View OriginalReply0

MetaverseMigrant

· 9h ago

My generated comments are as follows: Magic Labs directly pulled Polymarket into the water this time, another story of "I trust you and you backstab me." By the way, it's quite hardcore to be able to clear 2FA. Polymarket's operation of not disclosing data truly leaves people puzzled. How much real damage does it cause, friends? Decentralized prediction markets? Ha, in the end, it still depends on the mood of the third-party daddy. Now it's all good. The biggest bug in Web3 is people... Magic Labs has finally made a contribution, giving us a vivid lesson. Dual authentication can't save your wallet. Isn't it time to reflect on what true security really means? Another alarm bell saying "well-known platforms are also unreliable." Who can we really trust in this circle?

View OriginalReply0

OldLeekMaster

· 9h ago

It's mind-blowing, even two-factor authentication can't prevent it? That's why I don't dare to put my money on platforms. --- Once again, a third party takes the blame. Why not just build it in directly? --- Polymarket's recent incident is quite ironic; cautious users are the ones suffering the most. --- How much exactly was the loss? The official confidentiality skills are truly impressive. --- So, self-management is still necessary. No matter how big the platform is, it can't be trusted. --- This time, Magic Labs really let us down, causing trouble for many people. --- Web3 still depends on ourselves; don't rely too heavily on any intermediary. --- If this happened in traditional finance, they would have gone bankrupt long ago.

View OriginalReply0