PANews posted on X (formerly Twitter). According to @DarkWebInformer, Polymarket has reportedly been hacked, resulting in the exposure of over 300,000 records and a vulnerability toolkit being shared on a cybercrime forum. The attackers claim that the data was accessed on April 27, 2026, through undocumented API endpoints, pagination bypass, and CORS misconfigurations. The leaked information includes approximately 10,000 user identities, 41,000 comments, 485,000 market metadata entries, 250,000 active CLOB market data, and some addresses of event submitters and resolvers. Additionally, the attackers released several proof-of-concept codes for the vulnerabilities and noted that Polymarket lacks a bug bounty program and was not notified in advance.
Article
Polymarket Allegedly Hacked, Over 300,000 Records Exposed
--・
Disclaimer: Includes third-party opinions. No financial advice. May include sponsored content. See T&Cs.