Polymarket Denies Data Breach After Hacker Claims 300,000+ User Records Stolen
Platform says data allegedly posted on dark web is publicly available via APIs; security experts skeptical of breach claims
Prediction markets platform Polymarket has denied recent reports that its customer data was breached after a hacker on the dark web posted what the person claimed was a trove of private user details. Cybersecurity company Vecert Analyzer and several other X accounts that track dark web activity shared screenshots from DarkForums on Tuesday showing a hacker using the pseudonym "xorcat" claiming to have breached Polymarket. In the post, xorcat said they had stolen over 300,000 records, including 10,000 unique user profiles with full names, profile images, proxy wallets and base addresses. Polymarket called the claims of a data breach "complete and utter nonsense" and said the information the hacker posted is already available online. The crypto industry saw a sudden surge in crypto-related hacks and exploits in April, putting many in the space on high alert. Blockchain security company Hacken reported earlier this month that Web3 projects lost $482 million to hacks and scams in the first quarter of 2026 across 44 incidents. "You compromised our platform by accessing publicly accessible API endpoints & on-chain data and *checks notes* are trying to sell the data we offer developers for free? Which VC paid you to post this?" Polymarket said. In another post, the prediction market said: "Part of the beauty of being on chain is all our data is publicly auditable, this is a feature, not a bug. No data was leaked, it's accessible via our public endpoints & on-chain data. Instead of paying for the data, you can access it for free via our APIs." Source: Polymarket Hacker claims over 300,000 records stolen The so-called hacker said the data was being posted because Polymarket didn't have a bug bounty program. Related: Scammers use Gmail dot alias trick to spoof Robinhood in phishing scam However, Polymarket has a live bug bounty program that started April 16 and has received 446 reports as of Wednesday. Source: Dark Web Informer Xorcat also said data was pulled via undocumented API endpoints, pagination bypass and CORS misconfiguration on Polymarket's Gamma and CLOB APIs. The hacker claimed to have breached other prediction markets and planned to release the data over the next few days. Several security experts have expressed doubt. Vladimir S, a threat researcher and chief security officer at Legalblock, said it appears "someone parsed data and is trying to present it as a [DB] leak. It does not seem probable to me."
