USDC Heist: Polymarket Google Login Users Fall Victim to Proxy Function Attack

  • Polymarket app users are reporting instances of their USDC balances being wiped out after logging in via Google accounts.
  • These incidents appear to be isolated to Google login users, with no reports from users relying on extensions like MetaMask or Trustwallet.
  • Victims claim their funds were transferred to a phishing account shortly after deposit, despite retaining open trades.

A concerning trend of crypto wallet drains linked to Google logins on Polymarket, raising questions about security vulnerabilities.

Initial Reports of Wallet Drains

Users of the Polymarket prediction market app have recently reported situations where their wallets were drained after logging in using their Google accounts. These cases, which have left many users baffled and financially hurt, center around a particular exploit that does not affect those using more secure browser extensions such as MetaMask or Trustwallet.

User Experiences and Losses

One user, who goes by the Discord username “HHeego,” recorded a significant loss after depositing USD Coin (USDC) from Binance to Polymarket. Initially, he experienced delays, but once the deposit showed up, it quickly disappeared, leaving his account drained. Another deposit attempt led to further losses, despite Polymarket’s initial assurances of a resolved glitch.

Polymarket’s Response and Investigation

Following these losses, affected users contacted Polymarket’s customer support. Responses indicated the company was investigating the issue and believed it to be complex. However, some users have expressed frustration with the lack of concrete follow-up or solutions from Polymarket.

Mechanics of the Exploit

Blockchain data and user reports suggest the funds were siphoned via a “proxy” function directed to a phishing account. In Polymarket’s user face, the exploit appears tied to non-traditional login methods such as Google logins or email OTPs. Polymarket leverages the Magic SDK for logins, and the vulnerability seems isolated to these newer authentication methods.

Security Implications and Prevention

These incidents underscore a critical weakness in some contemporary login systems within the crypto space. Attack vectors exploiting user accounts through less secure login methods necessitate a reevaluation of security protocols. Until the resolution is clear, users are advised to prefer more secure browser extensions for wallet logins.

Conclusion

The Polymarket wallet incident emphasizes the need for enhanced security measures, especially when introducing new login methods. As the crypto industry evolves, maintaining robust security to protect user assets must remain a priority. Users should stay vigilant and choose more secure authentication options whenever possible.

Don't forget to enable notifications for our Twitter account and Telegram channel to stay informed about the latest cryptocurrency news.

BREAKING NEWS

Ambient Secures $7.2 Million Seed Funding to Innovate Smart Services Using Bitcoin-like Proof-of-Work Technology

COINOTAG reported on April 1st that Ambient, a promising...

$DOGINME and $KEYCAT Listed on Coinbase Spot

$DOGINME and $KEYCAT Listed on Coinbase Spot

Tron Network Sees $1.21 Billion Jump in Stablecoins USDT and USDC Amid Decline on Arbitrum

According to recent insights from LookIntoChain, the on-chain stablecoin...

Unlocking Bitcoin DeFi: BOB Integrates with Xverse for Seamless Crypto Transactions

On March 31, COINOTAG News reported that the innovative...

Whale Withdraws 2921 ETH from Binance, Reveals $112K Gain in Ethereum’s Rise

According to a recent COINOTAG report, a notable transaction...
spot_imgspot_imgspot_img

Related Articles

spot_imgspot_imgspot_imgspot_img

Popular Categories

spot_imgspot_imgspot_img