Grafa logo

Polymarket confirms third-party vulnerability behind recent account hacks

Written by BloombergPublished dez. 25 2025Last Updated dez. 25 2025

Share

Polymarket has confirmed that recent account hacks were caused by a vulnerability in a third-party login service rather than a flaw in its smart contracts or treasury systems.

The US-facing prediction market platform said attackers exploited compromised authentication linked to an external service provider.

Polymarket stated that its core protocol and on-chain infrastructure were not directly breached in the incident.

Affected users reported unauthorised withdrawals in which funds were transferred out without standard platform approval.

Multiple users told crypto news outlets that their account balances were drained during the attacks.

Polymarket has not publicly disclosed the total financial impact of the breach.

The company said its investigation traced the issue to a decentralised identity or wallet connection service used for login access.

According to Polymarket, attackers obtained credentials or authorisation tokens through the third-party interface.

Those credentials were then used to initiate withdrawals from user accounts.

Users reported that withdrawals occurred rapidly once sessions were compromised.

The speed of the transactions suggested attackers acted immediately to drain funds.

Polymarket said the stolen funds had not interacted with known mixing services at the time of its update.

Investigators noted that the eventual destination of the funds remains uncertain.

Industry analysts said the incident highlights risks created by off-chain infrastructure surrounding decentralised protocols.

Security experts stressed that even well-audited smart contracts can be undermined by weak external components.

Authentication and key-handling services were identified as particularly sensitive points of failure.

Analysts said permissionless systems remain exposed when relying on consolidated login or identity tools.

In this case, the third-party service was not operated by Polymarket itself.

That limitation reduced the platform’s visibility into the provider’s internal controls and monitoring systems.

Security researchers said audit standards often focus on on-chain logic rather than surrounding infrastructure.

The incident adds login authentication services to a growing list of common attack vectors in crypto.

Past breaches have frequently stemmed from exploited bridges, oracles or external integrations.

Polymarket’s case shows how layered systems can introduce systemic risk even when core code is secure.

The platform acknowledged that restoring user confidence will be a major challenge.

Technical fixes alone may not be sufficient following high-profile account compromises.

Platforms are under increasing pressure to treat third-party dependencies as core security components.

Developers and auditors are being urged to expand threat models beyond smart contracts.

The breach comes amid heightened scrutiny of decentralised finance security practices.

Polymarket said it is continuing to assess the incident and review its authentication processes.

The company has emphasised that preventing similar attacks will require broader infrastructure safeguards.

Users affected by the breach are awaiting further clarity on recovery options.

The incident underscores how user-facing access points can undermine otherwise secure systems.

Security specialists said the case will likely influence future best practices across DeFi platforms.

Polymarket’s response will be closely watched by users and regulators alike.