
A quick overview of the Polymarket user hack:

In the past 24 hours, a report on Reddit has caused panic. A Polymarket user posted that their account funds were instantly emptied. After checking the backend logs, the user discovered three unauthorized login attempts. As the post gained popularity, other users in the comments section reported almost identical situations: their accounts were hacked and their funds disappeared. According to incomplete statistics, the users who claim to have been affected report combined losses exceeding $30,000.

After comparison, the victims all had one crucial thing in common: they all used MagicLink (a one-time link received via email) to log in.

🔹What is MagicLink Login?

MagicLink is a passwordless login technology. In Polymarket, it allows users to generate and access an encrypted wallet linked to their email address simply by entering that address and clicking the "Magic Link" in the email, without having to manage complex seed phrases or private keys.

This approach greatly lowers the barrier for Web2 users to enter Web3, but it also introduces security risks. Although MagicLink uses sophisticated encryption methods to ensure security, it does not change the fact that the private key is hosted in a centralized service.

🔹Has the cause of the incident been determined?

Current analysis suggests that this attack is most likely related to a vulnerability in the MagicLink login mechanism.

On the one hand, some users discovered that the one-time verification code (OTP) used when logging into Polymarket, previously only 3 digits, was urgently increased to 6 digits after the incident. This indicates that the previous 3-digit verification code was too simple and could be maliciously brute-forced.

On the other hand, some victims' funds were withdrawn directly through Polymarket's own Relay contract without any external phishing websites or user confirmation, suggesting that attackers may have exploited vulnerabilities in the platform's signature or permission verification.

In summary, the attack likely stemmed from security flaws in the MagicLink service or email process, such as service intrusion, mail server hijacking, or the platform's authorization process being bypassed. However, Polymarket has only posted a message on Discord stating that the problem originated from a third-party verification provider, without providing an official explanation. The specific cause remains to be revealed.

🔹Security Recommendations for Users

For the safety of your assets, we have the following recommendations:

🛡️Beware of centralized/managed logins: Login methods that rely on email addresses or centralized services to generate wallets (such as MagicLink) are convenient, but they are a single point of failure in terms of security. Never use such accounts for extended periods or keep large sums of money in them.

🛡️Prioritize fully decentralized wallets: Polymarket supports multiple connection methods. Users are advised to immediately transfer their funds and switch to logging in with a decentralized wallet such as MetaMask, where the user has complete control over their private keys (self-custody).

🛡️Advanced protection with a hardware wallet: For users with large sums of money, software wallets are still at risk of being attacked online. The safest solution is to have Keystone store your private key offline to prevent hackers from obtaining it and transferring your assets without your knowledge.
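The OTP-length point above, as an added example (not Polymarket's or Magic's code): an email-code verifier with a per-code guess budget, expiry and single use, plus the guessing odds for 3-digit and 6-digit codes. The names `OtpChallenge` and `guess_probability`, the limit of 5 attempts and the 300-second lifetime are assumptions chosen for illustration.

```python
import hmac
import secrets
import time


class OtpChallenge:
    """One emailed login code with a guess budget, an expiry and single use."""

    def __init__(self, digits=6, max_attempts=5, ttl_seconds=300, now=time.time):
        self._now = now
        self.code = f"{secrets.randbelow(10 ** digits):0{digits}d}"  # CSPRNG
        self.attempts_left = max_attempts
        self.expires_at = now() + ttl_seconds

    def verify(self, guess: str) -> bool:
        # An expired or exhausted challenge is dead; a new code must be issued.
        if self._now() >= self.expires_at or self.attempts_left <= 0:
            return False
        self.attempts_left -= 1  # spend the attempt before comparing
        ok = hmac.compare_digest(guess.encode(), self.code.encode())
        if ok:
            self.attempts_left = 0  # a code that worked once never works again
        return ok


def guess_probability(digits, attempts_per_code, codes_issued=1):
    """Chance that blind guessing succeeds at least once.

    Every issued code allows attempts_per_code distinct guesses out of
    10**digits values, and requesting a new code resets that budget, so the
    number of codes issued per account must be capped as well.
    """
    space = 10 ** digits
    per_code = min(attempts_per_code, space) / space
    return 1 - (1 - per_code) ** codes_issued


if __name__ == "__main__":
    # Constructed comparison: 5 attempts per code, 1 code vs. 200 re-issued codes.
    for digits in (3, 6):
        for issued in (1, 200):
            p = guess_probability(digits, 5, issued)
            print(f"{digits} digits, {issued:>3} codes issued: {p:.6f}")
```

With the same five attempts per code, moving from 3 to 6 digits cuts the single-code guess rate from 0.5% to 0.0005%; the 200-code rows show why code re-issuance needs its own limit.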

shawtyisaten
@shawtyis_a_10
12-23
Bunch of people are reporting that their @Polymarket accounts got drained via some hack exploiting a vulnerability with the @magic_labs login, https://reddit.com/r/PolymarketTrading/comments/1psoqr3/polymarket_hacked/…
From Twitter