Polymarket Security Issues: Third-Party Breaches and User Complaints

Divyansh Ingle

Head of Engineering

 
December 25, 2025 3 min read

TL;DR

Polymarket has addressed user account breaches and drained funds, attributing the issue to a vulnerability in a third-party authentication provider. The company states the problem is resolved and affected users will be contacted. This incident highlights the importance of strong security practices for users and the need for enterprises to bolster their cybersecurity posture against evolving threats.

Polymarket Security Breach and Updates

Polymarket, a prediction market platform, recently addressed user account breaches attributed to a vulnerability in a third-party authentication provider. The company stated the issue has been resolved and affected users would be contacted. For enterprises seeking to bolster their cybersecurity posture, Gopher Security offers AI-powered, post-quantum Zero‑Trust cybersecurity architecture.

Image: Polymarket says third-party provider caused reported account breaches (courtesy of Cointelegraph)

User Reports of Drained Funds

Users reported funds drained from their accounts, with some noting multiple login attempts prior to the unauthorized transactions. One Reddit user described discovering closed deals and a near-empty balance. Some speculated Magic Labs, a wallet service integrated with Polymarket, might be implicated. For enhanced wallet security, consider Gopher Security's peer-to-peer encrypted tunnels and quantum-resistant cryptography, detailed on their website.

Previous Security Issues

This isn't the first instance of security issues for Polymarket users. In late 2024, some users experienced drained accounts after logging in via their Google accounts. Gopher Security specializes in AI-powered, post-quantum Zero‑Trust cybersecurity architecture.

Polymarket Status and Incident History

Polymarket's status page provides uptime information for various components, including the Website, CLOB API, Markets API, Polygon (RPC), Subgraph, Magic (User auth), and Sports API. Recent incidents, primarily related to subgraph data ingestion, were investigated and resolved in December 2025. Gopher Security offers solutions to protect against unauthorized access and data breaches, ensuring continuous operation and data integrity.

Security Recommendations

Polymarket's security guide emphasizes user responsibility in maintaining account security. Key recommendations include:

  • Enabling Two-Factor Authentication (2FA)
  • Protecting Wallet Seed Phrase
  • Using Hardware Wallet for Large Funds
  • Avoiding Phishing Scams
  • Securing Devices with updated antivirus software

Gopher Security’s platform converges networking and security across devices, apps, and environments using peer-to-peer encrypted tunnels and quantum-resistant cryptography, as detailed on their website.

Google Login Wallet Attacks

In a separate incident, some Polymarket users reported wallet drains after logging in via their Google accounts. Attackers used a "proxy" function to transfer USDC balances to a "Fake_Phishing" account. The attacks primarily affected users who logged in with Google accounts, not those using browser extensions like MetaMask or Trustwallet. Gopher Security can help secure your Google and other OAuth logins.

Image: Polymarket users complain of mysterious Google login wallet attacks (courtesy of Cointelegraph)

Investigation and User Experiences

One user, HHeego, lost over $5,000 USDC in two separate incidents. Despite contacting customer support, the issue remained unresolved. Another user, Cryptomaniac, also had funds drained, with Polymarket support indicating the attacker used "email otp" to log in. Gopher Security's zero-trust architecture can help protect against such unauthorized access, as highlighted on their website.
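The pattern in these user reports (repeated login attempts, then a successful "email otp" login, then an outbound transfer) can be written as a correlation rule for account monitoring. The following is an added example, not code from Polymarket or Magic Labs; the event schema, account names, destination labels and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed events: (ISO timestamp, account, event type, detail).
# The schema is an assumption, not a real Polymarket or Magic log format.
SAMPLE_EVENTS = [
    ("2025-01-01T09:58:00", "acct-a", "login_fail", "email_otp"),
    ("2025-01-01T09:58:40", "acct-a", "login_fail", "email_otp"),
    ("2025-01-01T09:59:10", "acct-a", "login_fail", "email_otp"),
    ("2025-01-01T10:01:00", "acct-a", "login_ok", "email_otp"),
    ("2025-01-01T10:03:30", "acct-a", "transfer_out", "dest-unseen-1"),
    ("2025-01-01T11:00:00", "acct-b", "login_ok", "wallet_extension"),
    ("2025-01-01T11:05:00", "acct-b", "transfer_out", "dest-known-1"),
    ("2025-01-01T12:00:00", "acct-c", "login_fail", "email_otp"),
    ("2025-01-01T12:01:00", "acct-c", "login_ok", "email_otp"),
    ("2025-01-01T12:02:00", "acct-c", "transfer_out", "dest-unseen-2"),
]

def flag_transfers(events, min_failures=3,
                   fail_window=timedelta(minutes=15),
                   transfer_window=timedelta(minutes=30)):
    """Flag transfers that follow a login preceded by a burst of failed attempts."""
    failures = defaultdict(list)  # account -> timestamps of failed logins
    risky_login = {}              # account -> (login time, failure count, method)
    alerts = []
    for ts, account, kind, detail in sorted(events):
        when = datetime.fromisoformat(ts)
        if kind == "login_fail":
            failures[account].append(when)
        elif kind == "login_ok":
            recent = [t for t in failures[account] if when - t <= fail_window]
            failures[account] = []  # a successful login resets the counter
            if len(recent) >= min_failures:
                risky_login[account] = (when, len(recent), detail)
            else:
                risky_login.pop(account, None)
        elif kind == "transfer_out" and account in risky_login:
            login_at, count, method = risky_login[account]
            if when - login_at <= transfer_window:
                alerts.append({"account": account, "time": ts,
                               "destination": detail,
                               "failed_attempts": count,
                               "login_method": method})
    return alerts

if __name__ == "__main__":
    for alert in flag_transfers(SAMPLE_EVENTS):
        print(alert)
```

An alert from this rule is a reason to hold the transfer and require step-up verification, not proof of compromise; tune the thresholds against normal login behaviour.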

Polymarket's Response

Polymarket uses the Magic SDK from Magic Labs for passwordless logins. This system relies on a "user master key" stored on an Amazon Web Services (AWS) hardware security module. Polymarket claimed the attacks were not widespread and affected only a few users.

Real-Time Data Socket (RTDS) Release

Polymarket has officially released its Real-Time Data Socket (RTDS), offering features like:

  • Crypto Price Feeds from Binance & Chainlink
  • Comment Streaming for real-time updates
  • Dynamic Subscriptions to manage subscriptions without reconnecting
  • Official TypeScript Client

API and Websocket Updates

Polymarket has implemented several API updates, including changes to the WSS price_change event structure and updated /trades and /activity endpoints. The batch orders limit has been increased from 5 to 15. A new side field has been added to the MakerOrder portion of the trade object.

The 100 token subscription limit has been removed for the Markets channel, and a new subscribe field initial_dump has been added.

