Polymarket Hacked Allegation: 300K+ Records Leaked, Market Security in Focus

Published: 2026-04-29 02:56:10 |

Decentralized prediction market Polymarket is facing an alleged security breach. Dark Web Informer, via an X post, claims an attacker leaked over 300,000 records plus an exploit toolkit to a cybercrime forum. The attacker said the data was obtained via an unlogged API endpoint, pagination bypass, and a CORS misconfiguration, with an extraction date of 2026-04-27. The leaked set is reported to include around 10,000 users’ personal identity information, 41,000 comments, about 485,000 market metadata entries, roughly 250,000 active CLOB markets, and 292 event submitter resolver addresses. The post also references proof-of-concept code tied to vulnerabilities such as CVE-2025-62718 (CVSS 9.9) and CVE-2024-51479 (CVSS 7.5), including CORS configuration issues. An update follows: Polymarket denies the data leak, stating that all data can be accessed for free through its publicly available APIs. For traders, this raises near-term uncertainty around platform trust and operational security, even as Polymarket’s public API access claim challenges the breach narrative. Polymarket remains the key risk variable as investigations and community verification progress.

Bearish

The news is bearish in the short run because it centers on alleged unauthorized access and the exposure of user-related data and platform metadata. Even though Polymarket later denied the leak, the initial claim highlights security misconfiguration risk (CORS) and potential unlogged API abuse. In past crypto and Web3 incidents, breach allegations—whether confirmed or disputed—often trigger temporary risk-off behavior: traders reduce exposure to the affected venue, liquidity can thin, and governance/community confidence can weaken while investigations unfold. Short-term impact: volatility risk around Polymarket-related activity, wider skepticism toward prediction-market infrastructure, and faster spreads of “platform safety” narratives. Long-term impact: if Polymarket’s denial is validated (evidence shows the data is indeed obtainable via public APIs), the market impact may fade and restore confidence. If, however, investigators find a real breach path, it could lead to security upgrades, operational downtime, and potential reputational damage—factors that typically weigh on long-term participation. Overall, the uncertainty surrounding Polymarket currently tilts negative until verification is complete.