Polymarket has dismissed a dark web seller's claim of a customer data breach, saying the 300,000 records on offer were already publicly accessible through its on-chain feeds and APIs.
Hacker Listing And Polymarket Reply
A dark web actor using the handle "xorcat" posted on DarkForums on Tuesday, claiming to have pulled more than 300,000 records, including 10,000 user profiles with names, profile images and wallet addresses.
The post was flagged by Dark Web Informer and cybersecurity firm Vecert Analyzer.
Polymarket called the reports "complete and utter nonsense." The platform said the data sits behind public endpoints and on-chain records that any developer can pull for free.
xorcat said the dataset was assembled through undocumented API endpoints, a pagination bypass and a CORS misconfiguration on the Gamma and CLOB APIs.
Also Read: Worldcoin Sees $52M In Volume As Digital Identity Narrative Regains Attention
Researchers And Bounty Program
The seller said the dump was justified because Polymarket runs no bug bounty program. That claim is incorrect.
A live program opened on April 16 and has logged 446 reports as of Wednesday, according to its Cantina listing.
Vladimir S, chief security officer at Legalblock, said the listing looks like parsed public data dressed up as a database leak rather than a real breach.
Polymarket has been hit before. Account drains tied to a third-party login provider surfaced in late 2025, and an off-chain nonce manipulation attack struck trading bots in February, neither of which touched the platform's core contracts.
Read Next: Terra Luna Classic Gains 5.3% As Community Burn Attention Returns