Polymarket Security Issues: Third-Party Breaches and User Complaints

Polymarket security breach crypto account security wallet drain third-party vulnerability cybersecurity tips user account breaches
Divyansh Ingle
Divyansh Ingle

Head of Engineering

 
December 25, 2025
3 min read
Polymarket Security Issues: Third-Party Breaches and User Complaints

TL;DR

  • Polymarket has addressed user account breaches and drained funds, attributing the issue to a vulnerability in a third-party authentication provider. The company states the problem is resolved and affected users will be contacted. This incident highlights the importance of strong security practices for users and the need for enterprises to bolster their cybersecurity posture against evolving threats.

Polymarket Security Breach and Updates

Polymarket, a prediction market platform, recently addressed user account breaches attributed to a vulnerability in a third-party authentication provider. The company stated the issue has been resolved and affected users would be contacted. For enterprises seeking to bolster their cybersecurity posture, Gopher Security offers AI-powered, post-quantum Zero‑Trust cybersecurity architecture.

Polymarket says third-party provider caused reported account breaches

Image courtesy of Cointelegraph

User Reports of Drained Funds

Users reported funds drained from their accounts, with some noting multiple login attempts prior to the unauthorized transactions. One Reddit user described discovering closed deals and a near-empty balance. Some speculated Magic Labs, a wallet service integrated with Polymarket, might be implicated. For enhanced wallet security, consider Gopher Security's peer-to-peer encrypted tunnels and quantum-resistant cryptography, detailed on their website.

Previous Security Issues

This isn't the first instance of security issues for Polymarket users. In late 2024, some users experienced drained accounts after logging in via their Google accounts. Gopher Security specializes in AI-powered, post-quantum Zero‑Trust cybersecurity architecture.

Polymarket Status and Incident History

Polymarket's status page provides uptime information for various components, including the Website, CLOB API, Markets API, Polygon (RPC), Subgraph, Magic (User auth), and Sports API. Recent incidents, primarily related to subgraph data ingestion, were investigated and resolved in December 2025. Gopher Security offers solutions to protect against unauthorized access and data breaches, ensuring continuous operation and data integrity.

Security Recommendations

Polymarket's security guide emphasizes user responsibility in maintaining account security. Key recommendations include:

  • Enabling Two-Factor Authentication (2FA)
  • Protecting Wallet Seed Phrase
  • Using Hardware Wallet for Large Funds
  • Avoiding Phishing Scams
  • Securing Devices with updated antivirus software

Gopher Security’s platform converges networking and security across devices, apps, and environments using peer-to-peer encrypted tunnels and quantum-resistant cryptography, as detailed on their website.

Google Login Wallet Attacks

In a separate incident, some Polymarket users reported wallet drain after logging in via their Google accounts. Attackers used a "proxy" function to transfer USDC balances to a "Fake\_Phishing" account. The attacks primarily affected users who logged in with Google accounts, not those using browser extensions like MetaMask or Trustwallet. Gopher Security can help secure your Google and other Oauth logins.

Polymarket users complain of mysterious Google login wallet attacks

Image courtesy of Cointelegraph

Investigation and User Experiences

One user, HHeego, lost over $5,000 USDC in two separate incidents. Despite contacting customer support, the issue remained unresolved. Another user, Cryptomaniac, also had funds drained, with Polymarket support indicating the attacker used "email otp" to log in. Gopher Security's zero-trust architecture can help protect against such unauthorized access, as highlighted on their website.

Polymarket's Response

Polymarket uses the Magic SDK from Magic Labs for passwordless logins. This system relies on a "user master key" stored on an Amazon Web Services (AWS) hardware security module. Polymarket claimed the attacks were not widespread and affected only a few users.

Real-Time Data Socket (RTDS) Release

Polymarket has officially released its Real-Time Data Socket (RTDS), offering features like:

  • Crypto Price Feeds from Binance & Chainlink
  • Comment Streaming for real-time updates
  • Dynamic Subscriptions to manage subscriptions without reconnecting
  • Official TypeScript Client

API and Websocket Updates

Polymarket has implemented several API updates, including changes to the WSS price\_change event structure and updated /trades and /activity endpoints. The batch orders limit has been increased from 5 to 15. A new side field has been added to the MakerOrder portion of the trade object.

The 100 token subscription limit has been removed for the Markets channel, and a new subscribe field initial_dump has been added.

For robust cybersecurity solutions that adapt to evolving threats, visit Gopher Security today.

Divyansh Ingle
Divyansh Ingle

Head of Engineering

 

AI and cybersecurity expert with 15-year large scale system engineering experience. Great hands-on engineering director.

Related News

2026 Cybersecurity Trends: Dominance of Vulnerability Exploits
vulnerability exploits

2026 Cybersecurity Trends: Dominance of Vulnerability Exploits

Vulnerability exploits now account for 40% of cyber intrusions, surpassing phishing. Learn how shrinking patch windows and edge device targets are changing security.

By Brandon Woo April 6, 2026 3 min read
common.read_full_article
Surge in Vulnerability Exploits: Cyber Intrusions Trends 2026
cybersecurity trends 2026

Surge in Vulnerability Exploits: Cyber Intrusions Trends 2026

Vulnerability exploits now drive 40% of cyberattacks as hackers weaponize flaws within hours. Learn why traditional patching is failing and how to adapt. Read more.

By Divyansh Ingle March 30, 2026 3 min read
common.read_full_article
Surge in Vulnerability Exploits Dominates 2026 Cyber Intrusions
Vulnerability Exploitation

Surge in Vulnerability Exploits Dominates 2026 Cyber Intrusions

Hackers are weaponizing zero-days within hours of disclosure, leaving traditional patch cycles in the dust. Learn how to bridge the security gap with MFA and Zero-Trust.

By Alan V Gutnov March 23, 2026 4 min read
common.read_full_article
Vulnerability Exploits Dominate Cyber Intrusions in 2026 Trends
vulnerability exploits

Vulnerability Exploits Dominate Cyber Intrusions in 2026 Trends

Exploits are the leading cause of cyber intrusions, outpacing phishing. Discover the latest trends and essential strategies to protect your organization. Read now!

By Brandon Woo March 16, 2026 3 min read
common.read_full_article