Polymarket Flags Third-Party Login Tool After Users Report Account Breaches:
A prediction market platform named Polymarket has admitted it has been the target of a security issue. This follows the reporting of cases of unauthorized access to accounts, missing funds, as well as notifications of unauthorized logins.
The cause was blamed on a vulnerability that was caused by a third-party authentication service provider that was not mentioned. Users on the social network X reported receiving unexpected login notices and ending up with empty balances after logging in. This happened despite employing two-factor authentication on some accounts.
A customer reported that his balance reduced to only one penny without showing any signs associated with device hacking, and another customer reported losing around $2,000. Some of the users reported that the accounts were completely withdrawn following fishy login attempts.
While the third party was not named in the press release from Polymarket, it was speculated by some Polymarket users that the third party may include an email-based login and wallet creation service sometimes used for new user registration. Polymarket has not yet confirmed the speculation.
In a statement, a spokesperson from Polymarket explained that "a small number of users were affected" and noted the problem had been resolved with "no ongoing risk" to those users. No specifics were released about how many users had been impacted or how much money had been lost.
The case brings to the fore the security issues associated with the use of third-party authentications in crypto-exchange platforms. The technology makes it easy to join the platform, but security may be compromised in case of vulnerabilities in the system.
With crypto services being increasingly made accessible, this event highlights overall authentication provisions, transparency during incidents, and awareness on login and custody options.