Polymarket Rejects Dark Web Claims of Massive Data Breach

Share:
Polymarket denied a reported customer data breach by dark‑web user “xorcat,” who claimed >300,000 records including ~10,000 unique user profiles (names, images, proxy wallets); Polymarket says the data was publicly accessible via its APIs and on‑chain data, not an internal leak. The platform launched an active bug bounty on April 16 and had received hundreds of submissions by Wednesday; alleged vectors (undocumented endpoints, pagination bypass, CORS issues in Gamma and CLOB APIs) are disputed by security researchers who say the material was likely scraped. Crypto/DeFi impact: incident underscores transparency of on‑chain data and API security risks for prediction markets and DEX/CLOB integrations, but no confirmed exploit reported, reducing immediate custody/security concern.
The platform said the information mentioned by the so-called attacker was already publicly available through its APIs and on-chain blockchain data, not the result of unauthorized access. Polymarket also rejected claims that it lacked a bug bounty program. Security researchers also questioned the breach allegations, with some suggesting the data may have been scraped from public sources rather than leaked from internal systems.
Polymarket Denies Leak
Prediction markets platform Polymarket denied allegations that it suffered a customer data breach after claims surfaced on dark web forums that a hacker stole private user information. The controversy began when cybersecurity monitoring accounts and security researchers shared screenshots from DarkForums showing a user operating under the pseudonym “xorcat” claiming responsibility for the supposed breach.
According to the post, the hacker alleged that more than 300,000 records were obtained, including around 10,000 unique user profiles. The claimed data reportedly included full names, profile images, proxy wallet information, and base addresses.
These claims quickly attracted attention from the crypto community, particularly because the industry recently experienced an increase in cyberattacks, scams, and exploits.
Polymarket responded publicly and dismissed the allegations, calling the breach claims “complete and utter nonsense.” The company stated that the information referenced by the hacker was not stolen private data, but instead consisted of information that was already publicly accessible through its open APIs and on-chain blockchain records. Polymarket argued that transparency is a core feature of blockchain-based systems, where transaction and market data can be openly audited by anyone.
In a response on social media, the platform mocked the hacker’s claims by suggesting that publicly available data was simply collected and repackaged as if it were a leak. Polymarket explained that developers and users can already access a lot of this information for free through official endpoints. This means that no unauthorized breach of internal systems actually took place.
The hacker also claimed the data was being released because Polymarket allegedly lacked a bug bounty program. However, this claim was contradicted by Polymarket as it launched an active bug bounty initiative on April 16 and already received hundreds of submissions by Wednesday. This weakened the credibility of the hacker’s narrative.
Other claims from xorcat suggested that undocumented API endpoints, pagination bypass techniques, and CORS misconfigurations in Polymarket’s Gamma and CLOB APIs were used to gather the data. The hacker also said other prediction market platforms were compromised and threatened to release more information in the coming days.
Despite the dramatic claims, several cybersecurity experts also expressed their skepticism. Vladimir S, a threat researcher and chief security officer at Legalblock, said the situation looked more like someone scraping publicly available information and falsely presenting it as a database leak rather than exposing any genuine compromise.
Read More


