Polymarket Rejects Data Breach Claims as Hacker Alleges 300K Records Stolen

Polymarket Rejects Data Breach Claims 🚫

A hacker named Xorcat claims to have stolen 300,000 records from Polymarket. The allegedly stolen data was posted on a cybercrime forum and on Telegram on April 27, 2026. However, Polymarket has firmly rejected these claims.

Xorcat asserts that they exploited several flaws in the website’s code, including undocumented API endpoints and a pagination bypass on Polymarket’s CLOB trading system. By changing a number in the website’s code to 999,999, the hacker reportedly forced the system to hand over almost a million pieces of data in one go. Additionally, Xorcat mentioned exploiting a CORS misconfiguration.
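A defensive sketch of the pagination issue described above, added here as an example (not code from Polymarket or from the article): it clamps a client-supplied page size on the server and flags oversized page requests in access logs. The parameter names, the 500-row cap, the endpoint paths and the log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

MAX_PAGE_SIZE = 500        # assumed server-side cap
DEFAULT_PAGE_SIZE = 100    # assumed default when the value is missing or invalid
PAGE_PARAMS = {"limit", "page_size", "per_page"}  # assumed parameter names

def clamp_page_size(raw):
    """Return the page size the server should actually use for a client value."""
    try:
        n = int(raw)
    except (TypeError, ValueError):
        return DEFAULT_PAGE_SIZE
    if n < 1:
        return DEFAULT_PAGE_SIZE
    return min(n, MAX_PAGE_SIZE)

# Matches the client address and request target of a common-log-format line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def flag_oversized_requests(lines):
    """Return (client, path, param, value) for requests asking beyond the cap."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        parts = urlsplit(target)
        for key, value in parse_qsl(parts.query, keep_blank_values=True):
            if key.lower() not in PAGE_PARAMS:
                continue
            try:
                n = int(value)
            except ValueError:
                continue
            if n > MAX_PAGE_SIZE:
                hits.append((client, parts.path, key, n))
    return hits

# Constructed sample access-log lines (not from any real system).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2026:10:00:01 +0000] "GET /api/markets?limit=100&offset=0 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2026:10:00:05 +0000] "GET /api/markets?limit=999999 HTTP/1.1" 200 734003200',
    '203.0.113.7 - - [01/Jan/2026:10:00:09 +0000] "GET /api/comments?per_page=50 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for hit in flag_oversized_requests(SAMPLE_LOG):
        print("oversized page request:", hit)
    print("size served for 999999:", clamp_page_size("999999"))
```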

The total dump allegedly contains 2.24 GB of data, with 750 MB of raw data compressed into 8.3 MB of JSON files. A screenshot shared by the hacker reveals a profile_images folder and various data files like gamma_markets.json, gamma_metadata.json, and a massive 1.2 GB file titled xorcat.deals polymarket clob_markets.json. The data includes 10,000 user profiles with names, bios, and wallet addresses, which, when linked, can reveal a person’s private trading history. There are also 9,000 follower profiles, 4,111 comments, and 1,000 report records containing 58 unique ETH addresses.

Polymarket has strongly denied that a breach occurred, calling the claims total nonsense. They explained that because their platform uses a blockchain, much of the data is already public. The company believes that the hacker simply copied this public data and is attempting to gain a reputation as an expert hacker by making such claims. This appears to be a data scraping incident rather than actual data theft.

Users should remain vigilant as their names might now be linked to their public crypto wallets.

This post is licensed under CC BY 4.0 by the author.