BanklessTimes

Polymarket Confirms Security Breach Linked to Third Party Login Provider

Simon Simba
Simon is a writer with five years' experience in crypto and iGaming. He currently works as a freelance writer at BanklessTimes, where he focuses on simplifying daily crypto developments for readers. He discovered crypto in 2022 while writing news about NFTs for a news website in the US, and has since written for two other international NFT projects and a Web3 gaming agency.
Updated: December 24th, 2025

Polymarket has confirmed a security incident that exposed a subset of user accounts to unauthorized access, linking the breach to a vulnerability at an external third-party login provider, rather than its core prediction markets and smart contracts.

Polymarket Breach Tied to Third-Party Authentication

Users began reporting missing funds and unexplained login alerts earlier this week, sharing screenshots of drained balances and access attempts they did not initiate. Most affected accounts appear to belong to users who relied on email-based, one‑click sign‑in powered by an external authentication service that automatically generates a non‑custodial wallet in the background.

Polymarket acknowledged the issue in messages to its community, stating that a “small number of users” suffered losses due to a vulnerability introduced by the third‑party provider. The platform stated that it has patched the integration. It confirmed that the underlying protocol and markets remain secure, but did not disclose the precise number of victims or the total value stolen.

How It Affected Users

The attackers quickly consolidated and moved funds out of the compromised wallets, using splitting and laundering strategies typical of earlier bitcoin thefts. Several victims reported that their balances had dropped to nearly zero, despite using two-factor authentication on their email accounts. This led to speculation that the attack targeted security protections at the identity-provider level rather than compromising specific devices.

Polymarket has committed to contacting impacted users directly and states that no ongoing risk remains through the patched login channel. However, it has stopped short of detailing a concrete compensation framework. Security firms and industry observers now advise users to switch to dedicated wallets, revoke unnecessary permissions, and avoid linking high-value accounts to third-party login tools whenever possible.

The breach underscores how platforms that appear non‑custodial can still inherit significant risk from centralized authentication layers. Even when smart contracts operate as designed, a weak point in email or social login infrastructure can expose wallets across multiple services that rely on the same provider.
