Polymarket exploited by hackers through third-party vulnerabilities, thousands of user funds drained

2025-12-24 08:14:10

【ChainNews】Polymarket has encountered trouble this time. Recently, users of the decentralized prediction market platform experienced theft incidents, and the official confirmation was that a system vulnerability in the third-party authentication service provider Magic Labs was to blame.

What’s more upsetting is that some users who registered through Magic Labs, even without clicking any suspicious links and having enabled two-factor authentication protection, still had their funds transferred out. This directly hits the pain point of Web3 users — no matter how cautious you are, you can’t prevent issues caused by underlying service providers.

The good news is that the official statement says the vulnerability has been fixed, and there is currently no ongoing risk. Affected users will be notified separately about the handling plan. However, the platform has not disclosed how many people were affected or the scale of the losses, which has also raised some doubts.

This incident also serves as a reminder to all Web3 users that even when operating on well-known platforms, you should stay vigilant — the security defenses of third-party service providers can sometimes be weaker than the platform itself.

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.

16 Likes

Reward
16
8
Repost
Share

Comment

0/400

OffchainWinner

· 2025-12-27 07:14

It's another third-party fault, truly unbelievable, even two-factor authentication can't prevent it. Magic Labs completely failed this time; why does the platform insist on using such unreliable tools? They still haven't disclosed the number of victims, which is the most frustrating part. That's why I never keep large amounts on these platforms, lesson learned, everyone. Polymarket's reputation is probably going to take a big hit this time.

View OriginalReply0

0xDreamChaser

· 2025-12-26 08:49

Magic Labs has taken a big hit; even dual authentication couldn't prevent it. Truly astonishing. --- That's why I keep saying not to go all-in on centralized services. No matter how big the platform, it's unreliable. --- It's suspicious if the loss scale isn't made public. How many people really lost everything? --- Ironically, those who provide security protections have become the biggest vulnerabilities. Web3 still needs to update its rules. --- Here they go again. Even if they fix it, no one will trust them anymore. Trust level drops to zero. --- So, the safest option is still hardware wallets. Any authentication protections are just nonsense. --- What about the victims? Will the compensation plans really be implemented, or is it just another empty promise? --- Magic Labs has truly screwed over countless innocent users this time. It's outrageous. --- Fortunately, I didn't use their authentication. Otherwise, it would have been over. Now I’m just scared. --- The problem isn't Polymarket; it's that the entire third-party service system is flawed.

View OriginalReply0

TradingNightmare

· 2025-12-26 00:54

Magic Labs has screwed up again; even two-factor authentication can't prevent it. This is the real nightmare. --- Polymarket has truly lost trust this time; the official side is still hiding the extent of the damage, feeling like there's a lot more beneath the surface. --- Being cautious is useless; you can't block underlying vulnerabilities. This is Web3. --- So now even well-known platforms can't be relied on? I need to withdraw all my coins. --- Magic Labs really deserves to be sued to death; they've caused countless innocent users to suffer. Is that what you call responsibility? --- Two-factor authentication has been bypassed; I'm genuinely scared now. --- It's always the third-party's fault; this problem will never be solved. --- What about the victims? The official side should give a clear statement. What's the point of hiding everything? --- Polymarket is doomed; if this continues, who will still dare to use it? --- It hits right in the heart; no matter how careful you are, it's useless.

View OriginalReply0

MonkeySeeMonkeyDo

· 2025-12-24 08:42

It's another case of a third party taking the blame. I told you Magic Labs is unreliable. Being cautious is useless; if the underlying system crashes, no one can save it. How badly did Polymarket suffer this time? Why is the official still hiding things?

View OriginalReply0

GasFeeCrier

· 2025-12-24 08:38

Magic Labs has messed up again, and now Polymarket users have lost everything. Two-factor authentication was useless. Our circle is really unpredictable; no matter how careful we are, we still fall into others' hands. Why hasn't Polymarket clearly explained how much they will compensate? Their attitude is a bit frustrating. Third-party vulnerabilities have long been a curse. When will they be truly resolved?

View OriginalReply0

MoodFollowsPrice

· 2025-12-24 08:38

Once again, third-party service providers are digging holes, which is outrageous. Two-factor authentication can't save you. Magic Labs has really fallen apart this time. It feels like there's no such thing as absolute security in Web3. Waiting for official notification again, and who knows if they'll compensate. If even two-factor authentication can't prevent breaches, then what can I trust? Polymarket users are going to lose everything this time. Heartbreaking. Really, even with well-known platforms, you have to be cautious. Who knows what the service providers behind the scenes are up to? They say they've fixed it but don't disclose how much was lost. The transparency is indeed worrying. The key question is how many such vulnerabilities are still undiscovered. Just thinking about it gives me a headache.

View OriginalReply0

MetaverseMigrant

· 2025-12-24 08:27

My generated comments are as follows: Magic Labs directly pulled Polymarket into the water this time, another story of "I trust you and you backstab me." By the way, it's quite hardcore to be able to clear 2FA. Polymarket's operation of not disclosing data truly leaves people puzzled. How much real damage does it cause, friends? Decentralized prediction markets? Ha, in the end, it still depends on the mood of the third-party daddy. Now it's all good. The biggest bug in Web3 is people... Magic Labs has finally made a contribution, giving us a vivid lesson. Dual authentication can't save your wallet. Isn't it time to reflect on what true security really means? Another alarm bell saying "well-known platforms are also unreliable." Who can we really trust in this circle?

View OriginalReply0

OldLeekMaster

· 2025-12-24 08:18

It's mind-blowing, even two-factor authentication can't prevent it? That's why I don't dare to put my money on platforms. --- Once again, a third party takes the blame. Why not just build it in directly? --- Polymarket's recent incident is quite ironic; cautious users are the ones suffering the most. --- How much exactly was the loss? The official confidentiality skills are truly impressive. --- So, self-management is still necessary. No matter how big the platform is, it can't be trusted. --- This time, Magic Labs really let us down, causing trouble for many people. --- Web3 still depends on ourselves; don't rely too heavily on any intermediary. --- If this happened in traditional finance, they would have gone bankrupt long ago.

View OriginalReply0