Decentralized prediction market platform Polymarket has reportedly suffered a data breach, with over 300,000 records exposed by a threat actor known as xorcat. The breach, which occurred on April 27, 2026, was revealed on a cybercrime forum, where the attacker posted the data along with an exploit toolkit. The compromised data includes 10,000 user profiles, 4,111 comments, and 1,000 reported records, among other sensitive information.
The attackers allegedly exploited vulnerabilities in Polymarket's API endpoints, pagination bypasses, and CORS misconfigurations. The leaked exploit kit contains proof-of-concept code for several vulnerabilities, including CVE-2025-62718 and CVE-2024-51479, as well as automated data scraping scripts and a red team report. This breach highlights significant security flaws within Polymarket's infrastructure, raising concerns over user data protection.
Polymarket Data Breach Exposes 300,000 Records and Exploit Toolkit
Disclaimer: The content provided on Phemex News is for informational purposes only. We do not guarantee the quality, accuracy, or completeness of the information sourced from third-party articles. The content on this page does not constitute financial or investment advice. We strongly encourage you to conduct you own research and consult with a qualified financial advisor before making any investment decisions.