Polymarket has denied claims of a major data breach after a dark web user alleged that hundreds of thousands of user records were stolen.
Quick Summary – TLDR:
- A hacker claimed to have stolen over 300,000 user records from Polymarket.
- The platform says the data is already publicly accessible via APIs and blockchain.
- Security experts believe the data was likely scraped, not leaked.
- The incident comes amid rising crypto hacks totaling $482 million in Q1 2026.
What Happened?
Claims surfaced on dark web forums that a hacker had accessed and stolen massive amounts of user data from Polymarket. The company quickly denied the allegations, stating that no private data was breached and the information being sold was already publicly available.
‼️ Polymarket, the decentralized prediction market platform, has allegedly been breached, with 300,000+ records and an exploit kit leaked on a popular cybercrime forum. The actor states Polymarket has no bug bounty program and was not notified.
— Dark Web Informer (@DarkWebInformer) April 28, 2026
⠀
‣ Threat Actor: xorcat
‣… pic.twitter.com/UAmCL46pk3
Hacker Claims Spark Concern Across Crypto Community
The controversy began after screenshots circulated online from a dark web forum showing a user operating under the name xorcat. The individual claimed to have stolen more than 300,000 records, including around 10,000 unique user profiles.
According to the claims, the dataset included:
- Full names
- Profile images
- Proxy wallet details
- Base addresses
The hacker also alleged that the data was collected by exploiting undocumented API endpoints, bypassing pagination limits, and taking advantage of CORS misconfigurations in Polymarket’s Gamma and CLOB APIs. They further claimed that other prediction market platforms had been compromised and hinted at releasing more data.
These allegations quickly gained traction, especially as the crypto industry has been dealing with a spike in cyberattacks and scams in recent months.
Polymarket Rejects Breach Claims
Polymarket responded strongly, dismissing the allegations as “complete and utter nonsense.” The company clarified that the data referenced by the hacker is not private or sensitive information obtained through unauthorized access.
Instead, Polymarket emphasized that the data is publicly accessible through its official APIs and on chain blockchain records. The platform highlighted that transparency is a fundamental feature of blockchain systems, where transaction and market data can be openly audited.
In a public response, the company said, “You compromised our platform by accessing publicly accessible API endpoints and on-chain data and are trying to sell the data we offer developers for free?”
The platform further added, “No data was leaked, it is accessible via our public endpoints and on chain data. Instead of paying for the data, you can access it for free via our APIs.”
😂 “compromised”?
— Polymarket (@Polymarket) April 28, 2026
Part of the beauty of being on-chain is all our data is publicly auditable… this is a feature, not a bug. No data was “leaked” — it’s accessible via our public endpoints & on-chain data.
Instead of paying for the data, you can access it for free via our APIs.
Bug Bounty Claim Contradicted
The hacker also claimed that the data was being exposed because Polymarket lacked a bug bounty program. However, this claim was quickly contradicted.
Polymarket confirmed that it launched a bug bounty initiative on April 16, which has already received hundreds of submissions, including over 400 reports within days. This directly undermines the credibility of the hacker’s narrative.
Security Experts Remain Skeptical
Cybersecurity experts have also cast doubt on the breach claims. Vladimir S, chief security officer at Legalblock, suggested that the situation appears to involve data scraping rather than a genuine breach.
He noted that it looks like “someone parsed data and is trying to present it as a [DB] leak. It does not seem probable to me.”
This perspective aligns with Polymarket’s explanation that the data was simply aggregated from public sources and repackaged to appear like a leak.
Rising Security Concerns in Crypto Industry
The incident comes at a time when the crypto sector is facing increasing security challenges. According to blockchain security firm Hacken, Web3 projects lost $482 million to hacks and scams in the first quarter of 2026 across 44 incidents.
This broader context has made the community more sensitive to any potential breach claims, even when they may not involve actual compromises.
Transparency vs Privacy Debate Continues
The situation also highlights an ongoing tension in blockchain ecosystems between transparency and privacy. While open access to data is a core advantage of decentralized systems, it can sometimes create confusion when publicly available information is mistaken for leaked private data.
For platforms like Polymarket, this incident serves as a reminder that clear communication about what data is public is essential to avoid misinformation and panic.
SQ Magazine Takeaway
I think this case shows how easily public blockchain data can be misunderstood and even misused to create panic. Not every large dataset being sold online is the result of a hack. Sometimes it is just clever repackaging of information that was already out there. At the same time, the crypto industry’s growing list of real hacks makes it harder for users to separate facts from fear. Platforms need to be more proactive in educating users about how their data actually works.
