Polymarket account theft controversy: Magic Labs vulnerability exposed, official information vague

DAOplomacy · 2025-12-24T08:20:12+00:00

Recently, Polymarket users experienced collective account thefts, stemming from a vulnerability in the third-party identity verification provider Magic Labs. Although Polymarket has confirmed and fixed the security issue, details about the number of affected users and stolen funds remain unclear, raising concerns among users.

DAOplomacy

2025-12-24 08:20:12

Abstract generation in progress

【Blockchain Rhythm】In recent days, Polymarket users have experienced a collective account theft incident, causing a stir on X and Reddit. Victims have posted detailed accounts of their losses on social media, sparking widespread discussion.

The root cause has been uncovered— the issue stems from Magic Labs, a third-party identity verification provider. Magic Labs’ service allows users to log in directly with their email to create Ethereum wallets, which sounds very convenient and has indeed attracted many Web3 newcomers. However, this vulnerability was exploited.

On December 24, Polymarket officially acknowledged the incident on Discord, stating that they discovered and fixed a security issue affecting some users, originating from a vulnerability in the third-party identity verification provider.

However, what’s interesting is that Polymarket’s official response is somewhat vague. They did not specify exactly how many users were affected or how much funds were stolen, nor did they name the third-party service provider involved. They simply said, “The issue has been resolved, with no potential risks,” trying to brush it off. Such an attitude indeed raises concerns. For users, this lack of information can increase anxiety—only detailed figures and transparent explanations can truly instill confidence.

ETH-2,68%

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.

10 Likes

Reward
10
9
Repost
Share

Comment

Add a comment

MEVictim

· 2025-12-27 07:19

Magic Labs has messed up again, Web3 newcomers have been badly scammed.

View OriginalReply0

LiquidationWatcher

· 2025-12-26 18:57

magic labs is causing trouble again, this time it's really outrageous

---

Polymarket's official response is really perfunctory, no wonder everyone is upset

---

Logging in with email to access the wallet sounds a bit unreliable, it's normal for newbies to fall into traps

---

Only speaking up on the 24th? Were they pretending not to see it before?

---

Third-party verification services still need to be cautious; this time the lesson is painfully clear

---

Another announcement claiming "fixed" but with vague details, feels suspicious

View OriginalReply0

SchrodingersPaper

· 2025-12-25 14:16

Another "Third-Party Scapegoat," why do so many Web3 projects love to play this trick, I really want to laugh

---

Magic Labs has failed again, now I trust those so-called partners even less, might as well manage the funds myself

---

Is this all the official has? Recognized only on the 24th? Luckily it was uncovered, or else they would have kept it under wraps

---

Oh my, I knew email login was unreliable, newbies keep jumping into the pit, how many more people will have to be compensated this time

---

Polymarket is getting anxious, from this attitude I can tell how big the trap is, what can be done to fix it

View OriginalReply0

FloorPriceWatcher

· 2025-12-24 11:56

Magic Labs is up to its old tricks again; this kind of third-party authentication is truly a ticking time bomb.

---

The official response from Polymarket is way too perfunctory; do they just want to move on like this?

---

Logging in with email was supposed to be convenient, but it turned out to be a major vulnerability—so ironic.

---

Those who got hacked, you can't just accept it like that.

---

Why did it take until December to discover such a basic security issue? Why didn't they fix it earlier?

---

Newbie retail investors are really being cut like this; I hate these third-party service providers.

---

Is the official "fix" enough? What about compensation?

---

It's Magic Labs again; this company should just change its name to Magic Tricks.

---

How many more pitfalls does the entire Web3 space have to step into? It's so despairing.

---

I heard some people suffered significant losses. Are they just going to accept it like that?

View OriginalReply0

GigaBrainAnon

· 2025-12-24 08:49

Magic Labs is up to its tricks again, this time really causing people to get badly scammed... Convenience and security are truly a trade-off.

View OriginalReply0

Fren_Not_Food

· 2025-12-24 08:46

Did Magic Labs mess up again? These guys are really outrageous. Luckily, I didn't put too much money into Polymarket.

View OriginalReply0

MetaMaskVictim

· 2025-12-24 08:41

Basically, it was a third-party scam. Services like Magic Labs really shouldn't be trusted so much.

View OriginalReply0

StealthMoon

· 2025-12-24 08:39

Speaking of which, Magic Labs really knows how to stir things up. Convenience and security are truly a trade-off.

Stop asking me why I still use Polymarket. I just like gambling.

Their official attitude... Are you trying to make everyone patch the vulnerabilities themselves?

Once again, a third party takes the blame, Polymarket is recovering very quickly.

Magic Labs: "It's not our fault" Polymarket: "It's not our fault" Users: "???"

Getting exploited for a profit once a month is really the norm in Web3 life.

Fortunately, I transferred out the money I was willing to gamble with in advance. Looks like I escaped this time.

View OriginalReply0

StableCoinKaren

· 2025-12-24 08:34

Magic Labs is causing trouble again, which is why I never use third-party wallets to log in.

View OriginalReply0