Prediction markets platform Polymarket has denied current studies that its buyer knowledge was breached after a hacker on the darkish internet posted what the particular person claimed was a trove of personal consumer particulars.
Cybersecurity firm Vecert Analyzer and several other different X accounts that observe darkish internet exercise shared screenshots from DarkForums on Tuesday exhibiting a hacker utilizing the pseudonym “xorcat” claiming to have breached Polymarket.
Within the submit, xorcat mentioned that they had stolen over 300,000 information, together with 10,000 distinctive consumer profiles with full names, profile photos, proxy wallets and base addresses.
Polymarket referred to as the claims of a knowledge breach “full and utter nonsense” and mentioned the data the hacker posted is already out there on-line.
The crypto trade noticed a sudden surge in crypto-related hacks and exploits in April, placing many within the house on excessive alert. Blockchain safety firm Hacken reported earlier this month that Web3 tasks misplaced $482 million to hacks and scams within the first quarter of 2026 throughout 44 incidents.
“You compromised our platform by accessing publicly accessible API endpoints & on-chain knowledge and *checks notes* are attempting to promote the information we provide builders without cost? Which VC paid you to submit this?” Polymarket mentioned.
In one other submit, the prediction market mentioned: “A part of the great thing about being on chain is all our knowledge is publicly auditable, it is a characteristic, not a bug. No knowledge was leaked, it is accessible by way of our public endpoints & on-chain knowledge. As a substitute of paying for the information, you possibly can entry it without cost by way of our APIs.”
Supply: Polymarket
Hacker claims over 300,000 information stolen
The so-called hacker mentioned the information was being posted as a result of Polymarket didn’t have a bug bounty program.
Associated: Scammers use Gmail dot alias trick to spoof Robinhood in phishing rip-off
Nonetheless, Polymarket has a stay bug bounty program that began April 16 and has obtained 446 studies as of Wednesday.
Supply: Darkish Internet Informer
Xorcat additionally mentioned knowledge was pulled by way of undocumented API endpoints, pagination bypass and CORS misconfiguration on Polymarket’s Gamma and CLOB APIs. The hacker claimed to have breached different prediction markets and deliberate to launch the information over the subsequent few days.
A number of safety consultants have expressed doubt. Vladimir S, a menace researcher and chief safety officer at Legalblock, mentioned it seems “somebody parsed knowledge and is attempting to current it as a [DB] leak. It doesn’t appear possible to me.”
Journal: Overlook stablecoin yield, how does the CLARITY Act deal with DeFi?
