Tento príspevok bol pôvodne publikovaný na stránke https://cointelegraph.com/news/polymarket-says-hacker-is-selling-publicly-available-data-while-claiming-security-breach?utm_source=rss_feed&utm_medium=rss&utm_campaign=rss_partner_inbound a autorom článku je Cointelegraph By Stephen Katte. Tento článok je iba kópia originálneho článku.

https://images.cointelegraph.com/images/528_aHR0cHM6Ly9wYXlsb2FkLmx1bS10cmkub3JnL2FwaS9hcnRpY2xlLWNvdmVycy9maWxlL05ld3MlMjBjb2luJTIwbWFuJTIwUG9seW1hcmtldC5qcGc/cHJlZml4PW1lZGlhJTJGYXJ0aWNsZS1jb3ZlcnM=.jpg

Prediction markets platform Polymarket has denied recent reports that its customer data was breached after a hacker on the dark web posted what the person claimed was a trove of private user details.

Cybersecurity company Vecert Analyzer and several other X accounts that track dark web activity shared screenshots from DarkForums on Tuesday showing a hacker using the pseudonym “xorcat” claiming to have breached Polymarket.

In the post, xorcat said they had stolen over 300,000 records, including 10,000 unique user profiles with full names, profile images, proxy wallets and base addresses. 

Polymarket called the claims of a data breach “complete and utter nonsense” and said the information the hacker posted is already available online.

The crypto industry saw a sudden surge in crypto-related hacks and exploits in April, putting many in the space on high alert. Blockchain security company Hacken reported earlier this month that Web3 projects lost $482 million to hacks and scams in the first quarter of 2026 across 44 incidents.

“You compromised our platform by accessing publicly accessible API endpoints & on-chain data and *checks notes* are trying to sell the data we offer developers for free? Which VC paid you to post this?” Polymarket said.

In another post, the prediction market said: “Part of the beauty of being on chain is all our data is publicly auditable, this is a feature, not a bug. No data was leaked, it’s accessible via our public endpoints & on-chain data. Instead of paying for the data, you can access it for free via our APIs.”

Source: Polymarket 

Hacker claims over 300,000 records stolen 

The so-called hacker said the data was being posted because Polymarket didn’t have a bug bounty program. 

Related: Scammers use Gmail dot alias trick to spoof Robinhood in phishing scam

However, Polymarket has a live bug bounty program that started April 16 and has received 446 reports as of Wednesday.  

Source: Dark Web Informer 

Xorcat also said data was pulled via undocumented API endpoints, pagination bypass and CORS misconfiguration on Polymarket’s Gamma and CLOB APIs. The hacker claimed to have breached other prediction markets and planned to release the data over the next few days.

Several security experts have expressed doubt. Vladimir S, a threat researcher and chief security officer at Legalblock, said it appears “someone parsed data and is trying to present it as a [DB] leak. It does not seem probable to me.”

Magazine: Forget stablecoin yield, how does the CLARITY Act treat DeFi?   

Cointelegraph is committed to independent, transparent journalism. This news article is produced in accordance with Cointelegraph’s Editorial Policy and aims to provide accurate and timely information. Readers are encouraged to verify information independently.