Polymarket Denies Data Breach Claims Amid Dark Web Allegations

Severity: Medium (Score: 54.9)

Sources: beincrypto.com, Bitget, Coinpaper, Chaincatcher, Tech.Yahoo

Summary

Polymarket, a decentralized prediction market platform, faced allegations of a data breach after a hacker known as xorcat claimed to have extracted over 300,000 records, including personal user data and exploit code, from its systems. The hacker's post on a cybercrime forum suggested that the data was obtained through undocumented API endpoints and various vulnerabilities, including CORS misconfigurations and pagination bypass techniques. Polymarket refuted these claims, stating that the data was publicly accessible via its APIs and on-chain records, characterizing the hacker's actions as mere scraping rather than a breach. The platform also highlighted its active bug bounty program, launched on April 16, 2026, contradicting the hacker's assertion that it lacked such a program. Security experts expressed skepticism about the breach, noting that the information cited by the hacker was already available to developers. The situation reflects ongoing tensions in the crypto space regarding data transparency and security. As of now, Polymarket maintains that no unauthorized access occurred.

Key Points:

  • Polymarket denies a data breach, claiming the data was publicly accessible.
  • The hacker's claims involve over 300,000 records, including personal user data.
  • Polymarket has an active bug bounty program, contradicting the hacker's assertions.

Key Entities

  • Xorcat (apt_group)
  • Data Breach (attack_type)
  • Polymarket (company)
  • CVE-2024-51479 (cve)
  • CVE-2025-62718 (cve)
  • CWE-200 - Exposure of Sensitive Information (cwe)
  • CWE-287 - Improper Authentication (cwe)
  • CWE-862 - Missing Authorization (cwe)
  • beincrypto.com (domain)
  • T1567 - Exfiltration Over Web Service (mitre_attack)
  • CLOB API (platform)
  • Gamma API (platform)
  • Polymarket Gamma (platform)
  • Axios (platform)