Few Polymarket users report attacks on accounts logged in via Google
On September 29, Cointelegraph reported that some users of the prediction marketplace Polymarket recently reported a wallet attack. The attackers used a “proxy” function to steal the USDC balances of the victims, mainly affecting users logged in with Google accounts. One user, HHeego, was attacked on August 5 and 11, losing a total of about $5,197.11 USD. Another user, Cryptomaniac, lost $745 on August 9th.
Polymarket's customer service acknowledged that it had found at least five cases of similar attacks, in which the attackers were suspected of using “email one-time passwords” to log into the victims' accounts. However, the victims said they never used their email addresses to access the platform. Users using browser wallet extensions such as MetaMask or Trustwallet were not affected.Polymarket uses Magic Labs' SDK to enable password-less, seedless phrase logins, which would theoretically require the attacker to access the user's Google account in order to authenticate. However, victims reported no sign of Google accounts being compromised. Polymarket and Magic Labs have not yet responded to the incident.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.