Prediction markets platform Polymarket has denied latest stories that its buyer knowledge was breached after a hacker on the darkish internet posted what the individual claimed was a trove of personal person particulars.
Cybersecurity firm Vecert Analyzer and a number of other different X accounts that observe darkish internet exercise shared screenshots from DarkForums on Tuesday displaying a hacker utilizing the pseudonym “xorcat” claiming to have breached Polymarket.
Within the publish, xorcat stated they’d stolen over 300,000 data, together with 10,000 distinctive person profiles with full names, profile photographs, proxy wallets and base addresses.
Polymarket known as the claims of a knowledge breach “full and utter nonsense” and stated the knowledge the hacker posted is already obtainable on-line.
The crypto business noticed a sudden surge in crypto-related hacks and exploits in April, placing many within the house on excessive alert. Blockchain safety firm Hacken reported earlier this month that Web3 initiatives misplaced $482 million to hacks and scams within the first quarter of 2026 throughout 44 incidents.
“You compromised our platform by accessing publicly accessible API endpoints & on-chain knowledge and *checks notes* are attempting to promote the information we provide builders without spending a dime? Which VC paid you to publish this?” Polymarket stated.
In one other publish, the prediction market stated: “A part of the fantastic thing about being on chain is all our knowledge is publicly auditable, this can be a function, not a bug. No knowledge was leaked, it is accessible through our public endpoints & on-chain knowledge. As an alternative of paying for the information, you possibly can entry it without spending a dime through our APIs.”
Supply: Polymarket
Hacker claims over 300,000 data stolen
The so-called hacker stated the information was being posted as a result of Polymarket didn’t have a bug bounty program.
Associated: Scammers use Gmail dot alias trick to spoof Robinhood in phishing rip-off
Nevertheless, Polymarket has a reside bug bounty program that began April 16 and has acquired 446 stories as of Wednesday.
Supply: Darkish Net Informer
Xorcat additionally stated knowledge was pulled through undocumented API endpoints, pagination bypass and CORS misconfiguration on Polymarket’s Gamma and CLOB APIs. The hacker claimed to have breached different prediction markets and deliberate to launch the information over the subsequent few days.
A number of safety consultants have expressed doubt. Vladimir S, a risk researcher and chief safety officer at Legalblock, stated it seems “somebody parsed knowledge and is making an attempt to current it as a [DB] leak. It doesn’t appear possible to me.”
Journal: Overlook stablecoin yield, how does the CLARITY Act deal with DeFi?