Woke up to find the account balance remaining at $0.01! Polymarket confirms that some users were hacked due to third-party vulnerabilities.

In response to recent incidents where users’ assets were stolen by hackers, decentralized prediction market platform Polymarket confirmed on Tuesday that the breach was caused by security vulnerabilities in a third-party authentication service provider.
Not clicking phishing links, enabling two-factor authentication — yet accounts were emptied
This cybersecurity incident has been brewing since the beginning of this week, with many users posting救援 messages on Reddit and X, describing the tragic story of their account assets disappearing. One user pointed out in a Reddit discussion:

This morning, when I opened my eyes, I saw a notification on my phone indicating three login attempts to Polymarket. My device was not hacked, and there were no anomalies with my Google account, but when I quickly logged into Polymarket to check, I found all my trades had been closed out, and my account balance was only $0.01.

Another distressed user on the message board experienced the same pattern of attack: after receiving three login alerts, their funds were immediately looted. Alarmingly, this user emphasized that they had never clicked any phishing links, and even enabled two-factor authentication (2FA) on their email, yet they still could not prevent the hackers’ assault.
Based on victim reports compiled from social media, this attack seems to primarily target users who registered with Polymarket via Magic Labs.
Magic Labs is a third-party login and wallet service designed specifically for Crypto “beginners.” Users do not need to have complex private key management knowledge; they can quickly register with an email, and the system automatically generates a “non-custodial Ethereum wallet” in the background.
Although Magic Labs lowers the barrier to entry into the Crypto space, this attack demonstrates that convenient third-party verification services, if vulnerable to security issues, can become a shortcut for hackers to infiltrate.
After remaining silent for several days, Polymarket finally responded to the incident on Tuesday via their official Discord channel:

We recently discovered and resolved a security issue affecting a small number of users. This incident was caused by a vulnerability in a third-party identity verification service provider.

However, Polymarket did not specify the number of affected users, disclose the total amount of stolen funds, or name the involved third-party service provider. The platform only emphasized that the relevant vulnerability has been patched and that no ongoing risks have been observed.