Prediction markets platform Polymarket has denied current experiences that its buyer information was breached after a hacker on the darkish net posted what the individual claimed was a trove of personal consumer particulars.
Cybersecurity firm Vecert Analyzer and a number of other different X accounts that observe darkish net exercise shared screenshots from DarkForums on Tuesday displaying a hacker utilizing the pseudonym “xorcat” claiming to have breached Polymarket.
Within the submit, xorcat stated they’d stolen over 300,000 information, together with 10,000 distinctive consumer profiles with full names, profile photos, proxy wallets and base addresses.
Polymarket called the claims of an information breach “full and utter nonsense” and stated the data the hacker posted is already accessible on-line.
The crypto business noticed a sudden surge in crypto-related hacks and exploits in April, placing many within the area on excessive alert. Blockchain safety firm Hacken reported earlier this month that Web3 initiatives misplaced $482 million to hacks and scams within the first quarter of 2026 throughout 44 incidents.
“You compromised our platform by accessing publicly accessible API endpoints & on-chain information and *checks notes* try to promote the info we provide builders without spending a dime? Which VC paid you to submit this?” Polymarket said.
In one other submit, the prediction market said: “A part of the fantastic thing about being on chain is all our information is publicly auditable, it is a function, not a bug. No information was leaked, it is accessible by way of our public endpoints & on-chain information. As a substitute of paying for the info, you’ll be able to entry it without spending a dime by way of our APIs.”
Supply: Polymarket
Hacker claims over 300,000 information stolen
The so-called hacker stated the info was being posted as a result of Polymarket didn’t have a bug bounty program.
Associated: Scammers use Gmail dot alias trick to spoof Robinhood in phishing scam
Nevertheless, Polymarket has a dwell bug bounty program that started April 16 and has obtained 446 experiences as of Wednesday.
Supply: Dark Web Informer
Xorcat additionally stated information was pulled by way of undocumented API endpoints, pagination bypass and CORS misconfiguration on Polymarket’s Gamma and CLOB APIs. The hacker claimed to have breached different prediction markets and deliberate to launch the info over the subsequent few days.
A number of safety consultants have expressed doubt. Vladimir S, a menace researcher and chief safety officer at Legalblock, said it seems “somebody parsed information and is attempting to current it as a (DB) leak. It doesn’t appear possible to me.”
Journal: Forget stablecoin yield, how does the CLARITY Act treat DeFi?
Source link
