Futures
Access hundreds of perpetual contracts
TradFi
Gold
One platform for global traditional assets
Options
Hot
Trade European-style vanilla options
Unified Account
Maximize your capital efficiency
Demo Trading
Introduction to Futures Trading
Learn the basics of futures trading
Futures Events
Join events to earn rewards
Demo Trading
Use virtual funds to practice risk-free trading
Launch
CandyDrop
Collect candies to earn airdrops
Launchpool
Quick staking, earn potential new tokens
HODLer Airdrop
Hold GT and get massive airdrops for free
Launchpad
Be early to the next big token project
Alpha Points
Trade on-chain assets and earn airdrops
Futures Points
Earn futures points and claim airdrop rewards
More
Polymarket affected by security vulnerability, risk of Magic Labs user accounts being compromised increases
【Blockchain Rhythm】Prediction market platform Polymarket ran into trouble this week. On December 24th, the platform officially confirmed that recent security threats to multiple user accounts were caused by a vulnerability in a third-party identity verification provider.
As early as this week, users on X and Reddit began to report that their Polymarket accounts had been hacked. These victims shared details of their losses on social media, which drew considerable attention. Further investigation revealed that the issue mainly affected users who registered through Magic Labs. Magic Labs is a service that allows users to log in directly with an email and automatically generate a non-custodial Ethereum wallet. For newcomers without experience in crypto asset wallets, this service is considered a very convenient entry point.
On Tuesday, Polymarket acknowledged the incident in its official Discord channel. The official statement said: “We recently discovered and fixed a security vulnerability affecting some users. This vulnerability originated from the third-party identity verification provider.” However, there is a problem—Polymarket has been very secretive about this. How many users were affected? What was the scale of the stolen funds? Which third-party service provider was responsible? All these details were not disclosed. The platform only briefly mentioned that the issue has been resolved and there are no further risks. This attitude towards information disclosure indeed makes users somewhat uneasy.
---
Polymarket is really dragging their feet; what era are we in that they still have issues?
---
No wonder so many people were complaining about account hacks this week; the root cause is here.
---
Beginners just log in with email and automatically generate a wallet? I really didn't see this logic coming. It's indeed convenient but also risky.
---
It seems that Web3 security is a lesson that can never be learned...
---
When third-party verification providers are attacked, do victims just have to accept their bad luck? Who will take the blame?
---
Magic Labs users are in trouble; quickly check if your account has been compromised.
---
Another platform has issues. When will this industry truly become secure?
---
Those who don't manage their wallets themselves need to learn a lesson this time.
Magic Labs users are completely knocked out; this is the real liquidation price.
Newbie's blessing turned into a trap; non-custodial wallets can't even protect you.
Feels like Polymarket's risk control points are set really poorly.
It's always after the fact that they come up with solutions, and we retail investors are the ones who suffer huge losses.