USDC Heist: Polymarket Google Login Users Fall Victim to Proxy Function Attack

• Polymarket app users are reporting instances of their USDC balances being wiped out after logging in via Google accounts.
• These incidents appear to be isolated to Google login users, with no reports from users relying on extensions like MetaMask or Trustwallet.
• Victims claim their funds were transferred to a phishing account shortly after deposit, despite retaining open trades.

A concerning trend of crypto wallet drains linked to Google logins on Polymarket, raising questions about security vulnerabilities.

Initial Reports of Wallet Drains

Users of the Polymarket prediction market app have recently reported situations where their wallets were drained after logging in using their Google accounts. These cases, which have left many users baffled and financially hurt, center around a particular exploit that does not affect those using more secure browser extensions such as MetaMask or Trustwallet.

User Experiences and Losses

One user, who goes by the Discord username “HHeego,” recorded a significant loss after depositing USD Coin (USDC) from Binance to Polymarket. Initially, he experienced delays, but once the deposit showed up, it quickly disappeared, leaving his account drained. Another deposit attempt led to further losses, despite Polymarket’s initial assurances of a resolved glitch.

Polymarket’s Response and Investigation

Following these losses, affected users contacted Polymarket’s customer support. Responses indicated the company was investigating the issue and believed it to be complex. However, some users have expressed frustration with the lack of concrete follow-up or solutions from Polymarket.

Mechanics of the Exploit

Blockchain data and user reports suggest the funds were siphoned via a “proxy” function directed to a phishing account. In Polymarket’s user face, the exploit appears tied to non-traditional login methods such as Google logins or email OTPs. Polymarket leverages the Magic SDK for logins, and the vulnerability seems isolated to these newer authentication methods.

Security Implications and Prevention

These incidents underscore a critical weakness in some contemporary login systems within the crypto space. Attack vectors exploiting user accounts through less secure login methods necessitate a reevaluation of security protocols. Until the resolution is clear, users are advised to prefer more secure browser extensions for wallet logins.

Conclusion

The Polymarket wallet incident emphasizes the need for enhanced security measures, especially when introducing new login methods. As the crypto industry evolves, maintaining robust security to protect user assets must remain a priority. Users should stay vigilant and choose more secure authentication options whenever possible.