Prediction markets platform Polymarket has denied a data breach after a hacker using the pseudonym “xorcat” claimed on dark web forums to have stolen over 300,000 user records. The platform called the claims “complete and utter nonsense,” stating the information is already publicly available via its APIs and on-chain data. Cybersecurtity firms reported on the hacker’s claims, which included alleged access to 10,000 unique user profiles, but several security experts have expressed doubt about the legitimacy of the alleged breach.
A hacker using the pseudonym “xorcat” claimed on dark web forums to have breached Polymarket, alleging the theft of over 300,000 records. The data reportedly included 10,000 unique user profiles with full names, profile images, proxy wallets, and base addresses.
Cybersecurity firm Vecert Analyzer and other accounts tracking dark web activity shared screenshots of the hacker’s post from Tuesday. However, Polymarket dismissed the claim entirely in a public statement.
The platform stated the claims were “complete and utter nonsense” and that the posted information is already accessible online. It suggested the actor merely accessed publicly available data.
In a detailed post, Polymarket said “You compromised our platform by accessing publicly accessible API endpoints & on-chain data… are trying to sell the data we offer developers for free?”. The company emphasized its data is publicly auditable as a core feature.
The hacker claimed the data dump was because Polymarket lacked a bug bounty program. This contradicted a live program on Cantina that started April 16 and had received 446 reports by Wednesday.
Security experts expressed skepticism about the breach’s validity. Vladimir S, a threat researcher at Legalblock, said it appeared “someone parsed data and is trying to present it as a [DB] leak.”. The claim comes amid a broader surge in crypto hacks, with Hacken reporting Web3 projects lost $482 million in Q1 2026.
