Polymarket Security Issues: Third-Party Breaches and User Complaints

Polymarket security breach crypto account security wallet drain third-party vulnerability cybersecurity tips user account breaches
Divyansh Ingle
Divyansh Ingle

Head of Engineering

 
December 25, 2025
3 min read
Polymarket Security Issues: Third-Party Breaches and User Complaints

TL;DR

  • Polymarket has addressed user account breaches and drained funds, attributing the issue to a vulnerability in a third-party authentication provider. The company states the problem is resolved and affected users will be contacted. This incident highlights the importance of strong security practices for users and the need for enterprises to bolster their cybersecurity posture against evolving threats.

Polymarket Security Breach and Updates

Polymarket, a prediction market platform, recently addressed user account breaches attributed to a vulnerability in a third-party authentication provider. The company stated the issue has been resolved and affected users would be contacted. For enterprises seeking to bolster their cybersecurity posture, Gopher Security offers AI-powered, post-quantum Zero‑Trust cybersecurity architecture.

Polymarket says third-party provider caused reported account breaches

Image courtesy of Cointelegraph

User Reports of Drained Funds

Users reported funds drained from their accounts, with some noting multiple login attempts prior to the unauthorized transactions. One Reddit user described discovering closed deals and a near-empty balance. Some speculated Magic Labs, a wallet service integrated with Polymarket, might be implicated. For enhanced wallet security, consider Gopher Security's peer-to-peer encrypted tunnels and quantum-resistant cryptography, detailed on their website.

Previous Security Issues

This isn't the first instance of security issues for Polymarket users. In late 2024, some users experienced drained accounts after logging in via their Google accounts. Gopher Security specializes in AI-powered, post-quantum Zero‑Trust cybersecurity architecture.

Polymarket Status and Incident History

Polymarket's status page provides uptime information for various components, including the Website, CLOB API, Markets API, Polygon (RPC), Subgraph, Magic (User auth), and Sports API. Recent incidents, primarily related to subgraph data ingestion, were investigated and resolved in December 2025. Gopher Security offers solutions to protect against unauthorized access and data breaches, ensuring continuous operation and data integrity.

Security Recommendations

Polymarket's security guide emphasizes user responsibility in maintaining account security. Key recommendations include:

  • Enabling Two-Factor Authentication (2FA)
  • Protecting Wallet Seed Phrase
  • Using Hardware Wallet for Large Funds
  • Avoiding Phishing Scams
  • Securing Devices with updated antivirus software

Gopher Security’s platform converges networking and security across devices, apps, and environments using peer-to-peer encrypted tunnels and quantum-resistant cryptography, as detailed on their website.

Google Login Wallet Attacks

In a separate incident, some Polymarket users reported wallet drain after logging in via their Google accounts. Attackers used a "proxy" function to transfer USDC balances to a "Fake\_Phishing" account. The attacks primarily affected users who logged in with Google accounts, not those using browser extensions like MetaMask or Trustwallet. Gopher Security can help secure your Google and other Oauth logins.

Polymarket users complain of mysterious Google login wallet attacks

Image courtesy of Cointelegraph

Investigation and User Experiences

One user, HHeego, lost over $5,000 USDC in two separate incidents. Despite contacting customer support, the issue remained unresolved. Another user, Cryptomaniac, also had funds drained, with Polymarket support indicating the attacker used "email otp" to log in. Gopher Security's zero-trust architecture can help protect against such unauthorized access, as highlighted on their website.

Polymarket's Response

Polymarket uses the Magic SDK from Magic Labs for passwordless logins. This system relies on a "user master key" stored on an Amazon Web Services (AWS) hardware security module. Polymarket claimed the attacks were not widespread and affected only a few users.

Real-Time Data Socket (RTDS) Release

Polymarket has officially released its Real-Time Data Socket (RTDS), offering features like:

  • Crypto Price Feeds from Binance & Chainlink
  • Comment Streaming for real-time updates
  • Dynamic Subscriptions to manage subscriptions without reconnecting
  • Official TypeScript Client

API and Websocket Updates

Polymarket has implemented several API updates, including changes to the WSS price\_change event structure and updated /trades and /activity endpoints. The batch orders limit has been increased from 5 to 15. A new side field has been added to the MakerOrder portion of the trade object.

The 100 token subscription limit has been removed for the Markets channel, and a new subscribe field initial_dump has been added.

For robust cybersecurity solutions that adapt to evolving threats, visit Gopher Security today.

Divyansh Ingle
Divyansh Ingle

Head of Engineering

 

AI and cybersecurity expert with 15-year large scale system engineering experience. Great hands-on engineering director.

Related News

2026 Industry Report Maps Strategic Migration Path for Quantum-Resistant Enterprise Data Protection
quantum-resistant encryption adoption

2026 Industry Report Maps Strategic Migration Path for Quantum-Resistant Enterprise Data Protection

Prepare for the 2035 quantum deadline. Discover the NCSC's 3-stage roadmap to defend enterprise data against Shor’s algorithm and Store Now, Decrypt Later threats.

By Alan V Gutnov June 3, 2026 3 min read
common.read_full_article
NIST Advances Nine Post-Quantum Digital Signature Candidates to Third Round of Evaluation
NIST post-quantum cryptography

NIST Advances Nine Post-Quantum Digital Signature Candidates to Third Round of Evaluation

NIST has advanced nine new post-quantum signature algorithms to the third round of evaluation to fortify global infrastructure against future quantum threats.

By Brandon Woo June 2, 2026 3 min read
common.read_full_article
Wiz Adds Post-Quantum Cryptography Readiness Features to Cloud Security Platform
post-quantum cryptography readiness

Wiz Adds Post-Quantum Cryptography Readiness Features to Cloud Security Platform

Wiz introduces new PQC readiness features to secure cloud environments against quantum threats and 'harvest-now-decrypt-later' attacks. Learn how to manage crypto-debt.

By Edward Zhou June 1, 2026 4 min read
common.read_full_article
HyperKey Tech Achieves FIPS 140-3 Software Validation for Quantum-Resistant Cryptographic Operations
FIPS 140-3 validation

HyperKey Tech Achieves FIPS 140-3 Software Validation for Quantum-Resistant Cryptographic Operations

HyperKey Tech secures FIPS 140-3 validation for its quantum-resistant CLEAR cryptosystem, offering a software-defined defense against tomorrow's quantum threats.

By Alan V Gutnov May 29, 2026 4 min read
common.read_full_article