Currencies38131
Market Cap$ 2.28T-0.02%
24h Spot Volume$ 29.88B-8.31%
DominanceBTC56.40%-0.06%ETH9.52%+0.91%
ETH Gas0.07 Gwei
Cryptorank
/

Polymarket Rejects Dark Web Claims of Massive Data Breach


Polymarket Rejects Dark Web Claims of Massive Data Breach

Share:

AI Overview

Polymarket denied a reported customer data breach by dark‑web user “xorcat,” who claimed >300,000 records including ~10,000 unique user profiles (names, images, proxy wallets); Polymarket says the data was publicly accessible via its APIs and on‑chain data, not an internal leak. The platform launched an active bug bounty on April 16 and had received hundreds of submissions by Wednesday; alleged vectors (undocumented endpoints, pagination bypass, CORS issues in Gamma and CLOB APIs) are disputed by security researchers who say the material was likely scraped. Crypto/DeFi impact: incident underscores transparency of on‑chain data and API security risks for prediction markets and DEX/CLOB integrations, but no confirmed exploit reported, reducing immediate custody/security concern.

Bullish

Predictions Markets

See what traders are focused on

View analytics →
Prediction Banner

The platform said the information mentioned by the so-called attacker was already publicly available through its APIs and on-chain blockchain data, not the result of unauthorized access. Polymarket also rejected claims that it lacked a bug bounty program. Security researchers also questioned the breach allegations, with some suggesting the data may have been scraped from public sources rather than leaked from internal systems.

Polymarket Denies Leak

Prediction markets platform Polymarket denied allegations that it suffered a customer data breach after claims surfaced on dark web forums that a hacker stole private user information. The controversy began when cybersecurity monitoring accounts and security researchers shared screenshots from DarkForums showing a user operating under the pseudonym “xorcat” claiming responsibility for the supposed breach.

According to the post, the hacker alleged that more than 300,000 records were obtained, including around 10,000 unique user profiles. The claimed data reportedly included full names, profile images, proxy wallet information, and base addresses. 

These claims quickly attracted attention from the crypto community, particularly because the industry recently experienced an increase in cyberattacks, scams, and exploits.

Polymarket responded publicly and dismissed the allegations, calling the breach claims “complete and utter nonsense.” The company stated that the information referenced by the hacker was not stolen private data, but instead consisted of information that was already publicly accessible through its open APIs and on-chain blockchain records. Polymarket argued that transparency is a core feature of blockchain-based systems, where transaction and market data can be openly audited by anyone.

In a response on social media, the platform mocked the hacker’s claims by suggesting that publicly available data was simply collected and repackaged as if it were a leak. Polymarket explained that developers and users can already access a lot of this information for free through official endpoints. This means that no unauthorized breach of internal systems actually took place.

The hacker also claimed the data was being released because Polymarket allegedly lacked a bug bounty program. However, this claim was contradicted by Polymarket as it launched an active bug bounty initiative on April 16 and already received hundreds of submissions by Wednesday. This weakened the credibility of the hacker’s narrative.

Other claims from xorcat suggested that undocumented API endpoints, pagination bypass techniques, and CORS misconfigurations in Polymarket’s Gamma and CLOB APIs were used to gather the data. The hacker also said other prediction market platforms were compromised and threatened to release more information in the coming days.

Despite the dramatic claims, several cybersecurity experts also expressed their skepticism. Vladimir S, a threat researcher and chief security officer at Legalblock, said the situation looked more like someone scraping publicly available information and falsely presenting it as a database leak rather than exposing any genuine compromise.

Read the article at Coinpaper

In This News

Predictions Markets

See what traders are focused on

View analytics →
Prediction Banner

Share:

In This News

Predictions Markets

See what traders are focused on

View analytics →
Prediction Banner

Share:

Read More

Bithumb guides users on Humanity (H) claim portal after security incident

Bithumb guides users on Humanity (H) claim portal after security incident

BitcoinWorld Bithumb guides users on Humanity (H) claim portal after security incide...
Global INTERPOL Crackdown Exposes Crypto Laundering Behind Romance Scams

Global INTERPOL Crackdown Exposes Crypto Laundering Behind Romance Scams

In Brief Thai police uncovered a $122M crypto wallet laundering romance scam money. ...