The prediction market platform Polymarket is suspected of a data breach, with over 300,000 records and an exploit toolkit leaked

By: rootdata|2026/04/29 02:46:47
0
Share
copy

The decentralized prediction market platform Polymarket is suspected to have been hacked, with the threat actor xorcat posting over 300,000 data records and a corresponding exploit toolkit on a well-known cybercrime forum.

It is reported that the attacker extracted data through undisclosed API endpoints, pagination bypass, and CORS misconfigurations in Polymarket Gamma and CLOB API. The leaked content includes: 10,000 users' complete personal information (including names, proxy wallets, and base addresses), 4,111 comments, 1,000 reports (including 58 ETH addresses and administrator verification address identifiers), 48,536 Gamma market metadata, over 250,000 active CLOB market fixed product market maker addresses, and 9,000 social graph data of followers.

The toolkit contains proof-of-concept code for multiple vulnerabilities, including CVE-2025-62718 (Axios NO_PROXY bypass, CVSS 9.9, which can trigger server-side request forgery), CVE-2024-51479 (Next.js middleware authentication bypass, CVSS 7.5), and CORS misconfigurations. Additionally, the toolkit includes automated continuous pull scripts and a complete red team report.

You may also like

Semiconductor stocks plummet, yet Anthropic wants to create a 2nm chip

Abandoning TSMC and teaming up with Samsung. Anthropic launches a self-developed 2nm chip program, challenging Nvidia and starting a battle to break through computing power costs.

Where is Zhao Changpeng's billion-dollar investment going? YZi Labs' investment landscape fully revealed

Zhao Changpeng's billion-dollar new "family office" YZi Labs investment landscape revealed: 70% of the funds are committed to the crypto ecosystem, while 30% are cross-industry bets on AI and biotechnology, launching a new capital experiment in the post-Binance era.

Ethereum Foundation Report: A Basic Guide to Ethereum for Governments and Financial Institutions

The Ethereum Foundation has released this non-technical introductory report aimed at government officials, central banks, regulators, and corporate decision-makers, explaining how Ethereum works, how it is governed, how it differs from other blockchains, and how institutions and governments are alre...

A pre-announced harvesting case: After the cryptocurrency price dropped by 99%, the public chain Saga exited to transform into AI

True failure often isn't a single price drop, but rather a pricing mechanism that repeatedly rewards those who tell stories while repeatedly punishing those who believe in the stories.

When American giants collectively "defect" from Chinese AI models

Coinbase CEO publicly stated: the company has fully switched its AI to a Chinese model, cutting expenses in half while usage has doubled. Snowflake and Lindy are also doing the same thing—an unnoticed "AI model migration wave" is happening.

BIS Report Compliance Observation: The Real Risks of Stablecoins, Not Just "Depegging"

The issue with stablecoins is not just whether their price will decouple, but whether they can be integrated into a recognizable, monitorable, accountable, and regulated financial system.

Popular coins

Latest Crypto News

Read more
iconiconiconiconiconiconicon
Customer Support:@weikecs
Business Cooperation:@weikecs
Quant Trading & MM:bd@weex.com
VIP Program:support@weex.com