Polymarket Suspected Data Breach Exposes Over 300,000 Records and Exploit Toolkit

TechFlow
Summary
A suspected data breach at Polymarket has exposed over 300,000 records and an exploit toolkit, according to on-chain data analysis. Hacker xorcat shared the data on a major cybercrime forum, including 10,000 user profiles and 250,000 active CLOB market addresses. The breach exploited API misconfigurations and pagination flaws in the Gamma and CLOB systems. The exploit toolkit includes code for CVE-2025-62718 and CVE-2024-51479. Inflation data tracking and security audits are now under increased scrutiny.

According to Dark Web Informer, the decentralized prediction market platform Polymarket is suspected of being compromised, with the threat actor xorcat posting over 300,000 data records and an accompanying exploit kit on a prominent cybercrime forum. The data extraction occurred on April 27, 2026. The attackers allegedly extracted data through undisclosed API endpoints, pagination bypasses, and CORS misconfigurations in Polymarket Gamma and CLOB APIs. The leaked data includes: 10,000 complete user profiles (containing names, proxy wallets, and base addresses), 4,111 comments, 1,000 reported records (including 58 ETH addresses and administrator authentication identifiers), 48,536 Gamma market metadata entries, over 250,000 fixed-product market maker addresses for active CLOB markets, and 9,000 social graph follower records. The exploit kit contains proof-of-concept code for multiple vulnerabilities, including CVE-2025-62718 (Axios NO_PROXY bypass, CVSS 9.9, enabling server-side request forgery), CVE-2024-51479 (Next.js middleware authentication bypass, CVSS 7.5), and CORS misconfigurations. Additionally, the kit includes automated continuous data scraping scripts and a complete red team report (containing M
