USDC Heist: Polymarket Google Login Users Fall Victim to Proxy Function Attack

  • Polymarket app users are reporting instances of their USDC balances being wiped out after logging in via Google accounts.
  • These incidents appear to be isolated to Google login users, with no reports from users relying on extensions like MetaMask or Trustwallet.
  • Victims claim their funds were transferred to a phishing account shortly after deposit, despite retaining open trades.

A concerning trend of crypto wallet drains linked to Google logins on Polymarket, raising questions about security vulnerabilities.

Initial Reports of Wallet Drains

Users of the Polymarket prediction market app have recently reported situations where their wallets were drained after logging in using their Google accounts. These cases, which have left many users baffled and financially hurt, center around a particular exploit that does not affect those using more secure browser extensions such as MetaMask or Trustwallet.

User Experiences and Losses

One user, who goes by the Discord username “HHeego,” recorded a significant loss after depositing USD Coin (USDC) from Binance to Polymarket. Initially, he experienced delays, but once the deposit showed up, it quickly disappeared, leaving his account drained. Another deposit attempt led to further losses, despite Polymarket’s initial assurances of a resolved glitch.

Polymarket’s Response and Investigation

Following these losses, affected users contacted Polymarket’s customer support. Responses indicated the company was investigating the issue and believed it to be complex. However, some users have expressed frustration with the lack of concrete follow-up or solutions from Polymarket.

Mechanics of the Exploit

Blockchain data and user reports suggest the funds were siphoned via a “proxy” function directed to a phishing account. In Polymarket’s user face, the exploit appears tied to non-traditional login methods such as Google logins or email OTPs. Polymarket leverages the Magic SDK for logins, and the vulnerability seems isolated to these newer authentication methods.

Security Implications and Prevention

These incidents underscore a critical weakness in some contemporary login systems within the crypto space. Attack vectors exploiting user accounts through less secure login methods necessitate a reevaluation of security protocols. Until the resolution is clear, users are advised to prefer more secure browser extensions for wallet logins.

Conclusion

The Polymarket wallet incident emphasizes the need for enhanced security measures, especially when introducing new login methods. As the crypto industry evolves, maintaining robust security to protect user assets must remain a priority. Users should stay vigilant and choose more secure authentication options whenever possible.

Don't forget to enable notifications for our Twitter account and Telegram channel to stay informed about the latest cryptocurrency news.

BREAKING NEWS

LM Funding Reports Increased BTC Mining Output in October 2024: A Step Towards Financial Growth

COINOTAG has reported that on November 23, LM Funding,...

Bitcoin’s Bullish Rebound Begins: VanEck’s Analysis Reveals Key Indicators for Future Growth

In a recent analysis by asset management powerhouse VanEck,...

Binance Achieves $8.73 Billion Net Inflow, Boosting Total Crypto Assets to $154.9 Billion

According to recent data from DeFiLlama, Binance experienced a...

ETH Investor Earns 1533 ETH Profit After Strategic WBTC Swap: Insights from On-Chain Data

On November 23rd, COINOTAG News reported a significant transaction...

Bitcoin ETF Sees Record $3.376 Billion Net Inflows Amid Surge in Trading Volume

According to recent data from COINOTAG News on November...
spot_imgspot_imgspot_img

Related Articles

spot_imgspot_imgspot_imgspot_img

Popular Categories

spot_imgspot_imgspot_img