Polymarket Denies Data Breach Amid Dark Web Claims of Compromise

Severity: Medium (Score: 51.9)

Sources: Chaincatcher, Coinpaper, Panewslab

Summary

On April 29, 2026, Polymarket publicly denied allegations of a data breach after a hacker, known as 'xorcat', claimed to have stolen over 300,000 records from the platform. The hacker's claims included details about user profiles, market metadata, and vulnerabilities exploited through undocumented API endpoints and CORS misconfigurations. Polymarket asserted that the data cited by the hacker was already publicly accessible and not the result of unauthorized access. The company also refuted claims of lacking a bug bounty program, stating that they had launched one on April 16, 2026. Cybersecurity experts expressed skepticism about the breach, suggesting the data might have been scraped rather than leaked. The hacker threatened to release more information and claimed that other prediction market platforms were also compromised. The situation has raised concerns within the crypto community, which has been experiencing a surge in cyberattacks recently.

Key Points:

  • Polymarket denies claims of a data breach, asserting data was publicly accessible.
  • Hacker 'xorcat' claims to have stolen over 300,000 records using API vulnerabilities.
  • Polymarket launched a bug bounty program on April 16, contradicting the hacker's claims.

Key Entities

  • Xorcat (apt_group)
  • Data Breach (attack_type)
  • Polymarket (company)
  • CVE-2024-51479 (cve)
  • CVE-2025-62718 (cve)
  • CWE-200 - Exposure of Sensitive Information (cwe)
  • CWE-287 - Improper Authentication (cwe)
  • CWE-862 - Missing Authorization (cwe)
  • T1567 - Exfiltration Over Web Service (mitre_attack)
  • CLOB API (platform)
  • Polymarket Gamma (platform)
  • Axios (platform)