Key Highlights
- A prediction market platform dismissed allegations of a security breach involving private user information.
- An individual claiming to be a hacker stated they obtained more than 300,000 platform records.
- The platform clarified that information displayed online was accessible through public APIs and blockchain data.
- A bug bounty initiative has been running since April 16, the company verified.
- Cybersecurity professionals cast doubt on the breach allegations, indicating the information likely came from public sources.
- Web3 platforms experienced $482 million in losses from security incidents during Q1 2026, according to Hacken.
Polymarket refuted allegations that unauthorized individuals compromised its infrastructure and extracted confidential user information. The platform stated that information presented online originates from publicly accessible APIs and blockchain records. This statement came after dark web forum posts claimed the extraction of over 300,000 user records.
Platform Responds to Dark Web Allegations
Cybersecurity organization Vecert Analyzer and multiple X platform accounts published screenshots from DarkForums earlier this week. These images showed a user identified as “xorcat” claiming successful unauthorized access to Polymarket systems. The person stated they extracted more than 300,000 records from the prediction market platform.
https://twitter.com/VECERTRadar/status/2048892549943738?s=20
The forum post suggested the dataset contained 10,000 user profiles complete with personal names and profile pictures. It referenced proxy wallets and base wallet addresses associated with platform accounts. Polymarket firmly rejected these assertions, characterizing them as “complete and utter nonsense.”
The platform explained that the individual accessed openly available API endpoints and publicly verifiable blockchain information. Any developer can obtain identical data at zero cost, according to the company.
“No data was leaked, it’s accessible via our public endpoints & on-chain data,” Polymarket stated.
The platform emphasized that blockchain transparency enables public verification of all records. This transparency represents a fundamental aspect of their platform architecture.
Polymarket challenged the individual’s intentions, asking, “Which VC paid you to post this?”
Individual References API Access Amid Growing Security Concerns
The person behind the claim stated they collected data because Polymarket appeared to lack a security researcher reward program. The platform actually established an active bug bounty program on April 16. As of Wednesday, Polymarket confirmed receiving 446 security reports.
Xorcat described using undocumented API endpoints and techniques to bypass pagination limits. The post referenced a CORS configuration issue affecting Gamma and CLOB APIs. The individual mentioned accessing other prediction platforms and planned to release additional datasets.
Cybersecurity professionals expressed skepticism regarding the breach claims after examining the forum screenshots. Vladimir S, serving as chief security officer at Legalblock, voiced concerns about the authenticity of the allegations.
He stated, “It appears someone parsed data and is trying to present it as a [DB] leak.”
The cryptocurrency industry has encountered increasing security challenges in recent months. Blockchain security company Hacken documented $482 million in financial losses throughout Q1 2026. The firm recorded 44 separate security incidents affecting Web3 platforms during this timeframe.
Polymarket reiterated that no internal databases or systems experienced unauthorized access. The company stressed that all mentioned information remains openly accessible to the public. Developers can obtain identical datasets through official API channels without any fees or special permissions.
Get 3 Free Stock Ebooks
Discover top-performing stocks in AI, Crypto, and Technology with expert analysis.
- Top 10 AI Stocks - Leading AI companies
- Top 10 Crypto Stocks - Blockchain leaders
- Top 10 Tech Stocks - Tech giants
