Polymarket Refutes Breach Claims, States Alleged Hacker Offering Publicly Available Information
Following allegations that customer information was compromised, Polymarket has rejected claims of a security breach, asserting that an individual claiming to have extracted more than 300,000 records is merely attempting to sell publicly accessible data on dark web forums.
The prediction markets platform Polymarket has strongly refuted recent allegations suggesting that its customer database was compromised, following the emergence of a dark web post by an individual claiming to possess a significant cache of private user information.
On Tuesday, Vecert Analyzer, a cybersecurity firm, along with multiple X platform accounts that monitor dark web activities, published screenshots originating from DarkForums. These screenshots featured a hacker operating under the alias "xorcat" who asserted they had successfully compromised Polymarket's systems.
According to the post, xorcat claimed to have obtained more than 300,000 data records, which allegedly included 10,000 distinct user profiles containing complete names, profile photographs, proxy wallet information, and base addresses.
Polymarket dismissed the breach allegations as "complete and utter nonsense" and maintained that the information the alleged hacker listed for sale is already publicly accessible on the internet.
The cryptocurrency sector experienced a notable increase in crypto-related security breaches and exploits during April, which has placed many industry participants on heightened alert. According to a report published earlier this month by Hacken, a blockchain security firm, Web3 projects experienced losses totaling $482 million due to hacking incidents and scams during the first quarter of 2026, spanning 44 separate incidents.
You compromised our platform by accessing publicly accessible API endpoints & on-chain data and *checks notes* are trying to sell the data we offer developers for free? Which VC paid you to post this?
Polymarket
In a subsequent statement, the prediction market platform elaborated: "Part of the beauty of being on chain is all our data is publicly auditable, this is a feature, not a bug. No data was leaked, it's accessible via our public endpoints & on-chain data. Instead of paying for the data, you can access it for free via our APIs."
Hacker claims over 300,000 records stolen
The individual presenting themselves as a hacker stated that the information was being made available for sale due to Polymarket's alleged lack of a bug bounty program.
Contrary to this claim, Polymarket currently operates an active bug bounty program that commenced on April 16 and has accumulated 446 submissions as of Wednesday.
Xorcat additionally stated that the data was extracted through undocumented API endpoints, pagination bypass techniques, and CORS misconfiguration issues affecting Polymarket's Gamma and CLOB APIs. The individual also claimed to have successfully breached additional prediction market platforms and indicated plans to publish that data within the coming days.
Multiple security professionals have voiced skepticism regarding the claims. Vladimir S, who serves as a threat researcher and chief security officer at Legalblock, commented that it appears "someone parsed data and is trying to present it as a [DB] leak. It does not seem probable to me."