Prediction market platform Polymarket said a series of reported account breaches were caused by a vulnerability in an external authentication provider. The company acknowledged the incident after users reported missing balances and suspicious login alerts, but did not disclose how many accounts were affected or the amount of funds involved.
Polymarket said the issue was introduced by a third-party login tool and has since been resolved, adding that there is no ongoing risk. Several users on social media speculated the provider was Magic Labs, a widely used service that enables email-based logins and automatically creates wallets, though Polymarket did not confirm the vendor’s identity.
The incident highlights broader operational risks for crypto platforms that rely on third-party infrastructure to lower onboarding friction. As prediction markets attract more users outside traditional crypto circles, authentication and custody dependencies are drawing increased scrutiny from both users and institutional observers.
