Polymarket: Third-party authentication vulnerability leads to the theft of a small number of user accounts.

[Polymarket: Third-Party Authentication Vulnerability Leads to Theft of a Small Number of User Accounts] According to Mars Finance, Polymarket has detected and resolved a security issue affecting a "small number of users" caused by a vulnerability introduced by a third-party authentication provider. Previously, multiple Polymarket users reported on Reddit and the X platform that their accounts experienced unauthorized logins, funds were wiped out, and trading positions were forcibly closed. Affected users were primarily those who logged in via email through Magic Labs. Some victims stated that despite enabling two-factor authentication (2FA) and their devices not being illegally accessed, their accounts were still stolen after multiple unauthorized login attempts. Polymarket has confirmed that the vulnerability has been fixed and there is currently no persistent risk. The platform is directly contacting affected users. Previously, in late 2024, the platform also experienced a similar incident where a third-party plugin vulnerability led to the theft of assets from some users logging in via Google.