BusinessPostCorner.com
No Result
View All Result
Thursday, July 16, 2026
  • Home
  • Business
  • Finance
  • Accounting
  • Tax
  • Management
  • Marketing
  • Crypto News
  • Human Resources
BusinessPostCorner.com
  • Home
  • Business
  • Finance
  • Accounting
  • Tax
  • Management
  • Marketing
  • Crypto News
  • Human Resources
No Result
View All Result
BusinessPostCorner.com
No Result
View All Result

Third-Party Vulnerability Drains User Funds

December 24, 2025
in Crypto News
Reading Time: 5 mins read
A A
0
Third-Party Vulnerability Drains User Funds
ShareShareShareShareShare

Journalist

Hassan Shittu

Journalist

Hassan ShittuVerified

Part of the Team Since

Jun 2023

About Author

Hassan, a Cryptonews.com journalist with 6+ years of experience in Web3 journalism, brings deep knowledge across Crypto, Web3 Gaming, NFTs, and Play-to-Earn sectors. His work has appeared in…

Share

Last updated: 

December 24, 2025

Third-Party Vulnerability Drains User Funds

Polymarket has confirmed that a recent wave of wallet drains affecting user accounts was caused by a security vulnerability tied to a third-party authentication provider, following days of complaints from users who said their balances were emptied after unexplained login attempts.

The decentralized prediction market platform said the issue has now been fixed and that there is no ongoing risk, though it has not disclosed how many users were affected or the total value of funds lost.

Polymarket said that multiple user accounts recently suffered fund losses due to a security vulnerability in a third-party authentication service. The issue has been fixed and no ongoing risk remains. Some users reported on social media that their funds were drained after…

— Wu Blockchain (@WuBlockchain) December 24, 2025

Login Emails, Empty Accounts: Polymarket Users Describe Sudden Fund Losses

Reports of suspicious activity began circulating earlier this week on X and Reddit, where several users described receiving multiple login notification emails despite not attempting to access their accounts.

In multiple cases, users said they logged in hours later to find their positions closed and balances nearly zero.

One Reddit user wrote that three login attempts were flagged while their email and other online accounts showed no signs of compromise, adding that their Polymarket funds were drained at the same time the login emails were sent.

Another user provided a detailed account suggesting the breach may have involved weaknesses in the platform’s one-time password system at the time of the incident.

A bunch of people reporting their polymarket accounts using magic link were drained. Possibly an ongoing security issue with magic link (though can never rule out user error / phishing). A few from discord posted below but I’ve seen more reports. pic.twitter.com/hQkyzJdE6V

— Spreek (@spreekaway) December 23, 2025

According to the user, the login codes were only three digits long and may have been vulnerable to brute-force attempts. The user noted that shortly after the incident, Polymarket appeared to increase the OTP length to six digits, though the company has not publicly commented on that specific claim.

if you have ever used or downloaded this @Polymarket trading bot, move your funds to a new wallet immediately

this repo called simone46b/polymarket-trading-bot contains a malicious npm package called polystream/streaming, it pretends to be a sha256 validation utility, but it is…

— Saurav (@0x_saurav) December 22, 2025

User reports have pointed to a common thread among affected accounts. Several said they had signed up through Magic Labs, a popular onboarding service that allows users to log in with email addresses and automatically creates non-custodial Ethereum wallets.

Magic Labs is widely used by newer crypto users who do not already manage their own wallets.

While Polymarket did not name the authentication provider involved, it acknowledged in a message posted to its official Discord channel that the vulnerability originated from a third-party service.

Source: Polymarket Discord

The platform said it would contact impacted users directly but did not offer details on reimbursements or recovery options.

Third-Party Breaches Keep Haunting Crypto Platforms

The incident is not the first time Polymarket has faced security-related concerns tied to external services.

In September 2024, users who logged in through Google accounts reported wallet drains involving unauthorized proxy transactions that moved USDC funds to phishing addresses.

At the time, Polymarket investigated the events as potentially targeted exploits linked to third-party authentication tools.

More recently, a phishing campaign that abused the platform’s comment sections resulted in losses exceeding $500,000 after users were redirected to fake login pages.

The breach comes amid a broader rise in third-party security failures across the crypto and technology sectors. This week, crypto tax software firm Koinly warned users that email addresses may have been exposed following a breach at Mixpanel, an analytics provider it previously used.

Koinly reported that no financial/tax information had been breached and that it no longer uses the service.

Elsewhere, Swiss crypto platform SwissBorg released a report of a loss of 41 million earlier this year following a compromise by attackers of an API provider, and Discord and a number of DeFi protocols have also reported attacks related to external vendors.

A consistent warning that security researchers have given is that the use of third-party infrastructure can increase attack surfaces, particularly with crypto platforms growing.



Credit: Source link

ShareTweetSendPinShare
Previous Post

Libyan army chief killed in Turkey plane crash

Next Post

Email, despite complaints, remains ubiquitous

Next Post
Email, despite complaints, remains ubiquitous

Email, despite complaints, remains ubiquitous

SEC email address mix-up for comments on semiannual reporting proposal causing confusion

SEC email address mix-up for comments on semiannual reporting proposal causing confusion

July 14, 2026
June CPI Beat Lifts Bitcoin — Fed’s Next Move Matters

June CPI Beat Lifts Bitcoin — Fed’s Next Move Matters

July 14, 2026
6 benefits market shifts facing HR leaders

6 benefits market shifts facing HR leaders

July 13, 2026
Waffle House sued over employee tobacco insurance surcharge

Waffle House sued over employee tobacco insurance surcharge

July 13, 2026
US appeals court revives lawsuits linking painkiller Tylenol to autism

US appeals court revives lawsuits linking painkiller Tylenol to autism

July 13, 2026
SK Hynix stock jumps nearly 13% in Wall Street debut as demand for memory chips soars amid AI frenzy

SK Hynix stock jumps nearly 13% in Wall Street debut as demand for memory chips soars amid AI frenzy

July 10, 2026
BusinessPostCorner.com

BusinessPostCorner.com is an online news portal that aims to share the latest news about following topics: Accounting, Tax, Business, Finance, Crypto, Management, Human resources and Marketing. Feel free to get in touch with us!

Recent News

White House teleprompter operator accused of making 0k off Trump speech bets

White House teleprompter operator accused of making $100k off Trump speech bets

July 16, 2026
Kalshi pulls plug on flight cancellation contracts

Kalshi pulls plug on flight cancellation contracts

July 16, 2026

Our Newsletter!

Loading
  • Contact Us
  • Privacy Policy
  • Terms of Use
  • DMCA

© 2023 businesspostcorner.com - All Rights Reserved!

No Result
View All Result
  • Home
  • Business
  • Finance
  • Accounting
  • Tax
  • Management
  • Marketing
  • Crypto News
  • Human Resources

© 2023 businesspostcorner.com - All Rights Reserved!