Polymarket Security Issues: Third-Party Breaches and User Complaints

Polymarket security breach crypto account security wallet drain third-party vulnerability cybersecurity tips user account breaches
Divyansh Ingle
Divyansh Ingle

Head of Engineering

 
December 25, 2025 3 min read
Polymarket Security Issues: Third-Party Breaches and User Complaints

TL;DR

  • Polymarket has addressed user account breaches and drained funds, attributing the issue to a vulnerability in a third-party authentication provider. The company states the problem is resolved and affected users will be contacted. This incident highlights the importance of strong security practices for users and the need for enterprises to bolster their cybersecurity posture against evolving threats.

Polymarket Security Breach and Updates

Polymarket, a prediction market platform, recently addressed user account breaches attributed to a vulnerability in a third-party authentication provider. The company stated the issue has been resolved and affected users would be contacted. For enterprises seeking to bolster their cybersecurity posture, Gopher Security offers AI-powered, post-quantum Zero‑Trust cybersecurity architecture.

Polymarket says third-party provider caused reported account breaches

Image courtesy of Cointelegraph

User Reports of Drained Funds

Users reported funds drained from their accounts, with some noting multiple login attempts prior to the unauthorized transactions. One Reddit user described discovering closed deals and a near-empty balance. Some speculated Magic Labs, a wallet service integrated with Polymarket, might be implicated. For enhanced wallet security, consider Gopher Security's peer-to-peer encrypted tunnels and quantum-resistant cryptography, detailed on their website.

Previous Security Issues

This isn't the first instance of security issues for Polymarket users. In late 2024, some users experienced drained accounts after logging in via their Google accounts. Gopher Security specializes in AI-powered, post-quantum Zero‑Trust cybersecurity architecture.

Polymarket Status and Incident History

Polymarket's status page provides uptime information for various components, including the Website, CLOB API, Markets API, Polygon (RPC), Subgraph, Magic (User auth), and Sports API. Recent incidents, primarily related to subgraph data ingestion, were investigated and resolved in December 2025. Gopher Security offers solutions to protect against unauthorized access and data breaches, ensuring continuous operation and data integrity.

Security Recommendations

Polymarket's security guide emphasizes user responsibility in maintaining account security. Key recommendations include:

  • Enabling Two-Factor Authentication (2FA)
  • Protecting Wallet Seed Phrase
  • Using Hardware Wallet for Large Funds
  • Avoiding Phishing Scams
  • Securing Devices with updated antivirus software

Gopher Security’s platform converges networking and security across devices, apps, and environments using peer-to-peer encrypted tunnels and quantum-resistant cryptography, as detailed on their website.

Google Login Wallet Attacks

In a separate incident, some Polymarket users reported wallet drain after logging in via their Google accounts. Attackers used a "proxy" function to transfer USDC balances to a "Fake\_Phishing" account. The attacks primarily affected users who logged in with Google accounts, not those using browser extensions like MetaMask or Trustwallet. Gopher Security can help secure your Google and other Oauth logins.

Polymarket users complain of mysterious Google login wallet attacks

Image courtesy of Cointelegraph

Investigation and User Experiences

One user, HHeego, lost over $5,000 USDC in two separate incidents. Despite contacting customer support, the issue remained unresolved. Another user, Cryptomaniac, also had funds drained, with Polymarket support indicating the attacker used "email otp" to log in. Gopher Security's zero-trust architecture can help protect against such unauthorized access, as highlighted on their website.

Polymarket's Response

Polymarket uses the Magic SDK from Magic Labs for passwordless logins. This system relies on a "user master key" stored on an Amazon Web Services (AWS) hardware security module. Polymarket claimed the attacks were not widespread and affected only a few users.

Real-Time Data Socket (RTDS) Release

Polymarket has officially released its Real-Time Data Socket (RTDS), offering features like:

  • Crypto Price Feeds from Binance & Chainlink
  • Comment Streaming for real-time updates
  • Dynamic Subscriptions to manage subscriptions without reconnecting
  • Official TypeScript Client

API and Websocket Updates

Polymarket has implemented several API updates, including changes to the WSS price\_change event structure and updated /trades and /activity endpoints. The batch orders limit has been increased from 5 to 15. A new side field has been added to the MakerOrder portion of the trade object.

The 100 token subscription limit has been removed for the Markets channel, and a new subscribe field initial_dump has been added.

For robust cybersecurity solutions that adapt to evolving threats, visit Gopher Security today.

Divyansh Ingle
Divyansh Ingle

Head of Engineering

 

AI and cybersecurity expert with 15-year large scale system engineering experience. Great hands-on engineering director.

Related News

Vulnerability Exploits Lead Cyber Intrusions in 2026 Trends
vulnerability exploits

Vulnerability Exploits Lead Cyber Intrusions in 2026 Trends

Exploits are now the top intrusion method, outpacing phishing. Discover why rapid vulnerability patching is critical and how to bolster your defenses. Read more!

By Edward Zhou March 4, 2026 4 min read
common.read_full_article
Google Dismantles IPIDEA, Major Proxy Network for 550+ Threats
Ipidea proxy network

Google Dismantles IPIDEA, Major Proxy Network for 550+ Threats

Google has disrupted Ipidea, a massive residential proxy network used by cybercriminals. Learn how this action impacts online security and what it means for threat actors. Read now!

By Brandon Woo February 27, 2026 4 min read
common.read_full_article
Pentagon Leaders Anticipate Cybercom 2.0 to Counter Chinese Threats
Cybercom 2.0

Pentagon Leaders Anticipate Cybercom 2.0 to Counter Chinese Threats

The Pentagon is overhauling its cyber defenses with Cybercom 2.0. Discover how specialization, AI, and innovation are reshaping the fight against threats like China's Volt Typhoon. Learn more!

By Jim Gagnard February 26, 2026 3 min read
common.read_full_article
FBI Seizes RAMP Ransomware Forum Linked to Cybercrime Operations
RAMP ransomware forum

FBI Seizes RAMP Ransomware Forum Linked to Cybercrime Operations

The FBI has successfully seized RAMP, a major dark web forum used by ransomware gangs. Discover the impact of this takedown on cybercrime operations. Read more!

By Brandon Woo February 23, 2026 3 min read
common.read_full_article