The prediction market platform Polymarket is suspected of a data breach, with over 300,000 records and an exploit toolkit leaked
By: rootdata|2026/04/29 10:42:01
0
Share
The decentralized prediction market platform Polymarket is suspected to have been hacked, with the threat actor xorcat posting over 300,000 data records and a corresponding exploit toolkit on a well-known cybercrime forum.
It is reported that the attacker extracted data through undisclosed API endpoints, pagination bypass, and CORS misconfigurations in Polymarket Gamma and CLOB API. The leaked content includes: 10,000 users' complete personal information (including names, proxy wallets, and base addresses), 4,111 comments, 1,000 reports (including 58 ETH addresses and administrator verification address identifiers), 48,536 Gamma market metadata, over 250,000 active CLOB market fixed product market maker addresses, and 9,000 social graph data of followers.
The toolkit contains proof-of-concept code for multiple vulnerabilities, including CVE-2025-62718 (Axios NO_PROXY bypass, CVSS 9.9, which can trigger server-side request forgery), CVE-2024-51479 (Next.js middleware authentication bypass, CVSS 7.5), and CORS misconfigurations. Additionally, the toolkit includes automated continuous pull scripts and a complete red team report.
You may also like
Morning Report | Galaxy Digital announces Q1 2026 financial report; Liquid completes $18 million Series A financing; Polymarket plans to bring major exchanges to the U.S
Overview of Important Market Events on April 28
From a banned economist to the new CEO of Xinhua: Fu Peng has figured out the second half of traffic
This uproar in the crypto circle appears to be a cultural conflict between a traditional economist and a crypto OG, but looking deeper, it is merely the new fire leveraging Fu Peng's influence in the traditional financial sector to pry open a batch of client funds that were originally difficult to r...
Why Private Credit Became the First True Bridge from TradFi to DeFi
Unveiling the core logic of private credit leading RWA: it is no longer just simple tokenization, but rather a true reshaping of the practical value of asset on-chain through real returns and deep integration with the DeFi ecosystem.
Senior cryptocurrency investor: Blockchain is showing a siphoning effect on capital
Stablecoins are the first real-world assets on the blockchain, but they will not be the last. Every billion dollars in stablecoins generates $12.2 billion in economic activity and $19 million in protocol revenue annually; once capital is on the blockchain, it gains productivity and does not go back.
When traditional crypto derivatives start to subtract: Insights from Hyper Trade's products
Say goodbye to complex contracts, as crypto derivatives begin to "subtract": This article breaks down how Hyper Trade reduces hardcore risk pricing into "second-level multiple-choice questions," reshaping the trading experience for retail investors.
My view on blockchain has changed
In-depth Reflection on the Value of Blockchain Applications and the Time Dimension
Will AI Agents use bank cards? Why can't Agentic Payment avoid stablecoins and blockchain?
Why can't AI agents just swipe bank cards? An article to understand the new tiered payment system: stablecoins and blockchain are becoming the exclusive settlement language and verifiable trust foundation of the "machine economy" era.
Deconstructing 80 mainstream payment institutions and wallets worldwide
A comprehensive analysis of the global top 100 payment companies. Led by Alipay and WeChat, this article provides insights into the business logic and competitive advantages of over 80 top players.
The MiCA Fast Track for Cryptocurrency Licenses: Why OKX and BVNK Choose Malta
Countdown to the EU MiCA Licensing: Why do crypto giants like OKX choose Malta for their "first license"? A deep dive into the CASP license application process, business portfolio logic, and compliance pitfalls guide.
a16z Crypto: Stablecoins are rebuilding the global financial infrastructure
Stablecoins are evolving from cryptocurrency trading tools into a new infrastructure for global finance. They are not only changing cross-border payments but are also driving bank connectivity, corporate finance, foreign exchange liquidity, on-chain credit, and the globalization of the dollar into a...
ENI's RWA ambition: to create an enterprise-level BaaS platform that allows Web2 institutions to "go beyond just asset on-chain."
What are the differences between RWA 1.0 and RWA 2.0?
Morning Report | a16z releases global financial new stack report; Websea's withdrawal channel suspected of running away; Strategy purchased 3,273 bitcoins last week
Overview of Important Market Events on April 27
The most Crypto group of people is becoming the least Crypto
Hong Kong Carnival × Bangkok Money 20/20 Observation Notes
MSTR STRC In-depth Study: The BTC Financing Flywheel Behind the 11.5% Yield
STRC is a well-designed financing tool that transforms fixed income demand into buying pressure for Bitcoin.
Bitcoin ETF News: $824M Weekly Inflows, BTC Hits $79K as Bitcoin 2026 Conference Opens in Las Vegas
Bitcoin ETF news today shows institutions absorbed 19,000 BTC in just 8 trading days as inflows reached $2.43B in April. With Bitcoin Conference Week underway and BTC testing $79K, traders are watching whether supply pressure could trigger the next breakout.
BNB Chain Spring Report: From New Heights in RWA to Leading the AI Agent Economy, a "Structural Leap" is Happening
How to create a full-link growth flywheel of assets, talent, technology, and value feedback?
Who authorized this? The gray area of x402
Is the AI agent market hiding a "gray industry"? Unveiling the Coinbase x402 ecological crisis: unauthorized third parties are profiting massively by scraping APIs, while the original manufacturers gain nothing! Understand the compliance storm and solutions of the proxy agreement in one article.
What is the background of 5(c) Capital, which has both Polymarket and Kalshi CEOs as investors?
When the archrivals start betting together: The real signal behind 5(c) Capital
Morning Report | Galaxy Digital announces Q1 2026 financial report; Liquid completes $18 million Series A financing; Polymarket plans to bring major exchanges to the U.S
Overview of Important Market Events on April 28
From a banned economist to the new CEO of Xinhua: Fu Peng has figured out the second half of traffic
This uproar in the crypto circle appears to be a cultural conflict between a traditional economist and a crypto OG, but looking deeper, it is merely the new fire leveraging Fu Peng's influence in the traditional financial sector to pry open a batch of client funds that were originally difficult to r...
Why Private Credit Became the First True Bridge from TradFi to DeFi
Unveiling the core logic of private credit leading RWA: it is no longer just simple tokenization, but rather a true reshaping of the practical value of asset on-chain through real returns and deep integration with the DeFi ecosystem.
Senior cryptocurrency investor: Blockchain is showing a siphoning effect on capital
Stablecoins are the first real-world assets on the blockchain, but they will not be the last. Every billion dollars in stablecoins generates $12.2 billion in economic activity and $19 million in protocol revenue annually; once capital is on the blockchain, it gains productivity and does not go back.
When traditional crypto derivatives start to subtract: Insights from Hyper Trade's products
Say goodbye to complex contracts, as crypto derivatives begin to "subtract": This article breaks down how Hyper Trade reduces hardcore risk pricing into "second-level multiple-choice questions," reshaping the trading experience for retail investors.
My view on blockchain has changed
In-depth Reflection on the Value of Blockchain Applications and the Time Dimension
Customer Support:@weikecs
Business Cooperation:@weikecs
Quant Trading & MM:bd@weex.com
VIP Program:support@weex.com