Security Operations , Data Security Polymarket denies data breach claims by hacker Xorcat April 30, 2026 Share By SC Staff (Adobe Stock) Per HackRead, Polymarket, the world's largest decentralized cryptocurrency-based prediction market, has denied claims made by a hacker known as Xorcat, who alleged the theft of 300,000 user records. The alleged data, posted on April 27, 2026, on a cybercrime forum and Telegram, has been dismissed by Polymarket as fabricated. Xorcat claimed to exploit several vulnerabilities, including undocumented API endpoints, a pagination bypass on the CLOB trading system by altering code to request nearly a million data points, and a CORS misconfiguration. The hacker also cited the exploitation of CVE-2025-62718 and CVE-2024-51479, which could allow bypassing login screens and accessing internal server data. The alleged leak includes user profiles with names and wallet addresses, follower profiles, comments, report records, and extensive market data from both Gamma and CLOB systems. However, Polymarket stated that much of this data is publicly available due to its blockchain-based nature and suggested Xorcat likely scraped public information rather than executing a true data breach. The company pointed out that they have a bug bounty program, contradicting Xorcat's stated motivation for the leak. While Polymarket denies a breach, users are advised to be cautious about their public crypto wallet addresses being linked to their identities. Source: HackRead SC Staff Related Security Operations GoDaddy under fire for alleged unauthorized domain transfer SC Staff April 30, 2026 The incident involved a domain belonging to an anonymous American non-profit with 20 locations nationwide. Security Operations Supreme Court hears arguments on controversial geofence warrants SC Staff April 29, 2026 Geofence warrants allow law enforcement to compel tech companies like Google to provide location data for all users within a specified area and time frame. Security Operations Silverfort acquires AI-native identity security firm Fabrix SC Staff April 29, 2026 Fabrix Security offers an AI-native platform designed to assist enterprise identity and access management teams in making faster and more accurate access decisions for both human and non-human identities, including service accounts, API keys, bots, and AI agents. Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe Related Terms Byte Checksum Cipher Cold Warm Hot Disaster Recovery Site Countermeasure Cryptanalysis Cryptographic Hash Functions Data Loss Prevention (DLP) Decryption Digital Signature Algorithm (DSA) You can skip this ad in 5 seconds