Polymarket Security Incident Alert: How a Third-Party Certification Vulnerability Can Empty User Wallets

Decentralized prediction market platform Polymarket confirmed on December 25th that due to a security vulnerability in a third-party identity verification service provider, some user funds were stolen, and account balances were wiped out. The affected users mainly registered through Magic Labs, a service that allows users to log in with an email address and automatically create a non-custodial Ethereum wallet.

This vulnerability bypassed standard security measures such as two-factor authentication, sparking widespread concern in the market about the security of third-party integrations on crypto platforms.

01 Event Overview: Asset Risks Exposed by Third-Party Vulnerability

The asset theft experienced by Polymarket users did not stem from a core smart contract vulnerability but was caused by a security flaw introduced by its reliance on a third-party identity verification service provider.

The platform stated on its official Discord channel: “We recently discovered and addressed a security issue affecting a small number of users, which was caused by a vulnerability introduced by a third-party identity verification provider.”

Although the platform claims the issue has been fixed and there is no ongoing risk, the specific number of affected users and the amount lost have not been disclosed, creating an information vacuum that has left the community widely worried about the true scale and severity of the incident.

02 Attack Process: Restoring Typical User Victim Cases

According to user reports on social media, this security incident follows a clear pattern.

A Reddit user detailed their experience: “This morning I woke up to three login attempt notifications for Polymarket — my device was not compromised, Google didn’t find any suspicious activity, and all other services are normal.”

However, when he logged into Polymarket to check, he found all trades had been closed and the account balance was only $0.01, meaning the wallet had been almost completely emptied.

Another user reported a similar experience: despite not clicking any suspicious links and enabling two-factor authentication on email, they still couldn’t prevent the attacker from emptying their funds after receiving three login attempt notifications.

03 Victim Group: Magic Labs Registered Users Become the Main Target

A common point among the victims of this security incident is that most registered their Polymarket accounts via Magic Labs.

Magic Labs is a third-party login service designed for crypto beginners, allowing users to log in with just an email address, with the system automatically generating a non-custodial Ethereum wallet in the background. This design greatly lowers the entry barrier into the crypto world but also introduces new attack surfaces.

Attackers appear to have found a way to bypass multiple verification mechanisms without resorting to traditional phishing or malware on user devices. This has raised serious concerns about third-party identity verification services as potential single points of failure.

04 Platform Response: Vague Information Raises More Doubts

Polymarket’s response to this incident shows a clear tendency to withhold information, which has led to more questions rather than answers.

First, the platform only vaguely mentioned that “a small number of users” were affected, without providing specific numbers or proportions. Second, it did not disclose the total amount stolen, preventing the community from assessing the severity of the event. Third, Polymarket did not explicitly name the involved third-party service provider, although the community widely suspects it to be Magic Labs.

In terms of technical details, Polymarket claimed the issue has been “resolved,” but did not explain what specific fixes were implemented.

Some community members pointed out that after the incident, Polymarket seemed to have increased its one-time password length from three digits to six digits, but the company did not publicly comment on this.

05 Security Lessons: Systemic Risks of Third-Party Integrations

This is not the first time Polymarket has experienced security issues due to third-party services. As early as September 2024, multiple users logging in via Google accounts reported their USDC funds being transferred to phishing addresses.

Last month, a phishing attack exploiting the platform’s comment section led to losses exceeding $500,000. These incidents reveal a common challenge faced by crypto platforms: even if the core smart contracts are secure, dependent third-party services can become security weak points.

Industry analysis indicates that integrated systems are especially vulnerable when users depend on an underlying authentication infrastructure that they do not directly control.

06 User Response: Practical Recommendations for Asset Protection

For cryptocurrency users, the Polymarket incident offers important security lessons.

The most straightforward advice is to avoid using third-party login options and instead connect directly with wallets controlled by the user’s private keys. Although this increases the usage barrier, it is the best way to ensure asset security until the platform demonstrates it can protect third-party integrations.

Users should regularly check account activity, enable all available security features, and stay alert to any suspicious login attempts. Diversifying asset storage and not consolidating all funds on a single platform are also reasonable strategies to reduce risk.

Considering Polymarket’s plan to migrate to Polygon and launch its own Ethereum Layer 2 network, users should pay particular attention to asset security during the platform’s transition.

Future Outlook

As of December 25th, Polymarket’s total trading volume has reached $1.538 billion, with 419,309 monthly active users. When users wake up to find only $0.01 remaining in their accounts, this incident is no longer just a technical glitch but a severe test of the entire crypto ecosystem’s security architecture.

User fund security remains the cornerstone of Gate platform operations. In the face of complex security challenges in the crypto industry, Gate continues to strengthen its security infrastructure, providing users with multiple asset protection mechanisms.
