The prediction market platform Polymarket is suspected of a data breach, with over 300,000 records and an exploit toolkit leaked
By: rootdata|2026/04/29 10:42:01
0
Share
The decentralized prediction market platform Polymarket is suspected to have been hacked, with the threat actor xorcat posting over 300,000 data records and a corresponding exploit toolkit on a well-known cybercrime forum.
It is reported that the attacker extracted data through undisclosed API endpoints, pagination bypass, and CORS misconfigurations in Polymarket Gamma and CLOB API. The leaked content includes: 10,000 users' complete personal information (including names, proxy wallets, and base addresses), 4,111 comments, 1,000 reports (including 58 ETH addresses and administrator verification address identifiers), 48,536 Gamma market metadata, over 250,000 active CLOB market fixed product market maker addresses, and 9,000 social graph data of followers.
The toolkit contains proof-of-concept code for multiple vulnerabilities, including CVE-2025-62718 (Axios NO_PROXY bypass, CVSS 9.9, which can trigger server-side request forgery), CVE-2024-51479 (Next.js middleware authentication bypass, CVSS 7.5), and CORS misconfigurations. Additionally, the toolkit includes automated continuous pull scripts and a complete red team report.
You may also like
Revisiting RWA: Nearly 50,000 people's first on-chain transaction was not Bitcoin, but stock indices and crude oil
The narrative of RWA is not about traditional finance trying to capture crypto users, but rather crypto trying to capture traditional users.
Altcoin Price Outlook 2026: The Rotation Is Coming — Just Not the Way You Think
Bitcoin dominance at 58%, Fear & Greed at 39. If you think altcoin season is dead, you're reading the wrong signals. Here's what the data actually says about what comes next.
Oracle: The Second Battlefield Behind the Prediction Market War
By 2026, the oracle track has essentially evolved from the early "data pipeline" into a "verifiable facts layer" that supports the entire on-chain economy, and prediction markets serve as a magnifying glass to observe the competition in this red ocean.
a16z's key bet: Kalshi's weekly trading volume approaches $3 billion, transitioning from "prediction games" to financial infrastructure, the market begins to price "uncertainty."
The evolution of prediction markets: from niche products to "uncertainty pricing" infrastructure
Morning Report | Galaxy Digital announces Q1 2026 financial report; Liquid completes $18 million Series A financing; Polymarket plans to bring major exchanges to the U.S
Overview of Important Market Events on April 28
From a banned economist to the new CEO of Xinhua: Fu Peng has figured out the second half of traffic
This uproar in the crypto circle appears to be a cultural conflict between a traditional economist and a crypto OG, but looking deeper, it is merely the new fire leveraging Fu Peng's influence in the traditional financial sector to pry open a batch of client funds that were originally difficult to r...
Why Private Credit Became the First True Bridge from TradFi to DeFi
Unveiling the core logic of private credit leading RWA: it is no longer just simple tokenization, but rather a true reshaping of the practical value of asset on-chain through real returns and deep integration with the DeFi ecosystem.
Senior cryptocurrency investor: Blockchain is showing a siphoning effect on capital
Stablecoins are the first real-world assets on the blockchain, but they will not be the last. Every billion dollars in stablecoins generates $12.2 billion in economic activity and $19 million in protocol revenue annually; once capital is on the blockchain, it gains productivity and does not go back.
When traditional crypto derivatives start to subtract: Insights from Hyper Trade's products
Say goodbye to complex contracts, as crypto derivatives begin to "subtract": This article breaks down how Hyper Trade reduces hardcore risk pricing into "second-level multiple-choice questions," reshaping the trading experience for retail investors.
My view on blockchain has changed
In-depth Reflection on the Value of Blockchain Applications and the Time Dimension
Will AI Agents use bank cards? Why can't Agentic Payment avoid stablecoins and blockchain?
Why can't AI agents just swipe bank cards? An article to understand the new tiered payment system: stablecoins and blockchain are becoming the exclusive settlement language and verifiable trust foundation of the "machine economy" era.
Deconstructing 80 mainstream payment institutions and wallets worldwide
A comprehensive analysis of the global top 100 payment companies. Led by Alipay and WeChat, this article provides insights into the business logic and competitive advantages of over 80 top players.
The MiCA Fast Track for Cryptocurrency Licenses: Why OKX and BVNK Choose Malta
Countdown to the EU MiCA Licensing: Why do crypto giants like OKX choose Malta for their "first license"? A deep dive into the CASP license application process, business portfolio logic, and compliance pitfalls guide.
a16z Crypto: Stablecoins are rebuilding the global financial infrastructure
Stablecoins are evolving from cryptocurrency trading tools into a new infrastructure for global finance. They are not only changing cross-border payments but are also driving bank connectivity, corporate finance, foreign exchange liquidity, on-chain credit, and the globalization of the dollar into a...
ENI's RWA ambition: to create an enterprise-level BaaS platform that allows Web2 institutions to "go beyond just asset on-chain."
What are the differences between RWA 1.0 and RWA 2.0?
Morning Report | a16z releases global financial new stack report; Websea's withdrawal channel suspected of running away; Strategy purchased 3,273 bitcoins last week
Overview of Important Market Events on April 27
The most Crypto group of people is becoming the least Crypto
Hong Kong Carnival × Bangkok Money 20/20 Observation Notes
MSTR STRC In-depth Study: The BTC Financing Flywheel Behind the 11.5% Yield
STRC is a well-designed financing tool that transforms fixed income demand into buying pressure for Bitcoin.
Revisiting RWA: Nearly 50,000 people's first on-chain transaction was not Bitcoin, but stock indices and crude oil
The narrative of RWA is not about traditional finance trying to capture crypto users, but rather crypto trying to capture traditional users.
Altcoin Price Outlook 2026: The Rotation Is Coming — Just Not the Way You Think
Bitcoin dominance at 58%, Fear & Greed at 39. If you think altcoin season is dead, you're reading the wrong signals. Here's what the data actually says about what comes next.
Oracle: The Second Battlefield Behind the Prediction Market War
By 2026, the oracle track has essentially evolved from the early "data pipeline" into a "verifiable facts layer" that supports the entire on-chain economy, and prediction markets serve as a magnifying glass to observe the competition in this red ocean.
a16z's key bet: Kalshi's weekly trading volume approaches $3 billion, transitioning from "prediction games" to financial infrastructure, the market begins to price "uncertainty."
The evolution of prediction markets: from niche products to "uncertainty pricing" infrastructure
Morning Report | Galaxy Digital announces Q1 2026 financial report; Liquid completes $18 million Series A financing; Polymarket plans to bring major exchanges to the U.S
Overview of Important Market Events on April 28
From a banned economist to the new CEO of Xinhua: Fu Peng has figured out the second half of traffic
This uproar in the crypto circle appears to be a cultural conflict between a traditional economist and a crypto OG, but looking deeper, it is merely the new fire leveraging Fu Peng's influence in the traditional financial sector to pry open a batch of client funds that were originally difficult to r...
Customer Support:@weikecs
Business Cooperation:@weikecs
Quant Trading & MM:bd@weex.com
VIP Program:support@weex.com