Cointelegraph

Polymarket users complain of mysterious Google login wallet attacks

Some users of the Polymarket prediction market app are complaining that their wallets were mysteriously drained after they logged in via their Google accounts.

After making deposits, users found that their wallets were wiped out, leaving a balance of zero. The attacks have not occurred against users that relied on wallet browser extensions such as MetaMask or Trustwallet.

Cointelegraph spoke to two victims of the attacks. The first victim identified himself by the Discord username, “HHeego,” and claimed to be the owner of a Polymarket account whose address ends in C3d4. 

HHeego claimed that he deposited $1,085.80 in USD Coin (USDC) from Binance to Polymarket on Aug. 5. However, after hours of waiting, the deposit did not show up in his account within the Polymarket app.

Believing something was wrong with his account, HHeego joined the Polymarket Discord server in an attempt to get help. He found that many other users were having similar problems, and it seemed to be connected to a user interface issue. This made him feel relieved, so he stopped worrying about it. 

Later that day, the deposit appeared on the user interface. However, he stated that it “vanished almost as quickly as it had come.” In fact, he claimed that his entire USDC balance of $1,188.72 disappeared. This balance included $102.92 that had been in the account before the deposit was made, as well as the deposit itself.

Strangely, HHeego’s $2,000 worth of open trades remained untouched.

HHeego seeks help from Polymarket

HHeego inspected his account history using the Polygonscan block explorer and found that his USDC balance had been sent to an account labeled “Fake_Phishing399064.”

He then submitted a ticket to customer support. When the customer support agent heard the user’s story, he expressed incredulity. “Haven’t you withdrawn that amount?” he asked. “No i havent,” the user replied. “Are you sure it wasn’t you then?” the agent asked. “I am 100% sure,” the user replied.

In the image below, Cointelegraph has redacted the agent’s screen name to protect his privacy.

The agent asked HHeego if “your PK got leaked or you got phished somehow.” The user, who claims to be a newcomer to the crypto world, told Cointelegraph that he did not at first understand what the agent meant by a “PK leak.” HHeego stated that he has never used a browser extension wallet and has only ever used a Google login to access Polymarket.

After asking a few more questions, the agent told him that the team was investigating the anomaly and would contact him when they discovered more information.

Another $4,000 gets swiped

Believing that the wallet drain was some kind of “glitch” that would eventually be worked out, HHeego deposited an additional $4,111.31 on Aug. 11. As before, the “fake phishing” account drained all of the funds, bringing the user’s total losses to $5,197.11.

At this point, the user became convinced that his Polymarket account was hacked. He closed all of his trades, amounting to nearly $1,000 in funds, and withdrew his balance to his Binance account. The proceeds from these trades were not touched by the attacker, and the withdrawal was successful.

Cointelegraph contacted both the Polymarket and Magic Labs teams through their official Discord servers but did not receive a response by the time of publication.

Wallet vulnerabilities are a common way for Web3 users to lose crypto. In August, researchers uncovered a method called “Dark Skippy” that could be used to steal Bitcoin from hardware wallets using a supply chain attack.

In March, cybersecurity research firm SECBIT Labs disclosed an old Trustwallet vulnerability that allowed an attacker to guess a user’s seed words. This vulnerability was patched, but the researchers stated that the flaw may still affect some accounts.

Update 9-30-2024 8:06 am UTC: This article has been updated to include a message reportedly sent from Polymarket to HHeego on Sept. 25.