Polymarket Denies Data Breach Claims Amid Dark Web Allegations

Polymarket Denies Data Breach Claims Amid Dark Web Allegations

First seen 29 Apr 2026, 10:03 UTC ChaincatcherPanewslabCoinpaperKucoinTech.Yahoo+9 88% similarity 54.9

Article Content

Browse articles
ThreatCluster

Polymarket, a decentralized prediction market platform, faced allegations of a data breach after a hacker known as xorcat claimed to have extracted over 300,000 records, including personal user data and exploit code, from its systems. The hacker's post on a cybercrime forum suggested that the data was obtained through undocumented API endpoints and various vulnerabilities, including CORS misconfigurations and pagination bypass techniques. Polymarket refuted these claims, stating that the data was publicly accessible via its APIs and on-chain records, characterizing the hacker's actions as mere scraping rather than a breach. The platform also highlighted its active bug bounty program, launched on April 16, 2026, contradicting the hacker's assertion that it lacked such a program. Security experts expressed skepticism about the breach, noting that the information cited by the hacker was already available to developers. The situation reflects ongoing tensions in the crypto space regarding data transparency and security. As of now, Polymarket maintains that no unauthorized access occurred.

Key Points: • Polymarket denies a data breach, claiming the data was publicly accessible. • The hacker's claims involve over 300,000 records, including personal user data. • Polymarket has an active bug bounty program, contradicting the hacker's assertions.

ThreatCluster AI

Timeline

2024-12-17
CVE-2024-51479 published.
2026-04-09
CVE-2025-62718 published.
2026-04-16
Polymarket launched an active bug bounty program.
2026-04-27
Data allegedly extracted by xorcat from Polymarket.
2026-04-29
Polymarket publicly denies breach claims.
2026-04-29
xorcat posts data claims on a cybercrime forum.

Community

Browse all →