TL;DR:
- The prediction market platform called the allegations “complete and utter nonsense” and assured that there was no compromise of its internal systems.
- The alleged attacker claimed to have obtained 300,000 records, but the company demonstrated that these are data legally collected through its public APIs.
- Cybersecurity experts support the official version, noting that the incident is actually “web scraping” of open information on the blockchain.
Strong rumors of insecurity, published on Dark Web forums, caused the decentralized finance ecosystem to shudder, but in a short time Polymarket stepped up and denied the alleged data leaks. A threat actor under the pseudonym “xorcat” claimed to have extracted sensitive information from more than 300,000 records, including names and wallet addresses.
Complete & utter nonsense.
— Polymarket Developers (@PolymarketDevs) April 28, 2026
The company’s response was forceful. They took the time to explain that the data cited by the hacker was already publicly accessible through their APIs and on-chain records of the blockchain. Consequently, the firm argued that what the hacker presents as a theft is simply a collection of information that any developer can legitimately consult.
The inherent transparency of blockchain-based systems allows transaction histories to be auditable by anyone. Due to this open architecture, the platform mocked the attacker’s claims, suggesting that they tried to sell as a “leak” what is actually a process of collecting public data or “scraping.”
Dismantling the attacker’s narrative and the Bug Bounty program
A critical point in the accusation was the supposed absence of a bug bounty program; the hacker took advantage of this to justify the leak. However, this version lost credibility when Polymarket confirmed that this program has been active since mid-April and has already processed hundreds of requests.
Furthermore, independent security researchers expressed skepticism about the veracity of the massive attack, agreeing that there is no evidence of an intrusion into internal servers. Thanks to this technical support, the investment community has regained its calm, understanding that the platform’s Gamma and CLOB infrastructure remains robust.
Despite threats to release more information in the coming days, the platform’s stance remains firm in protecting the real privacy of its users. Therefore, the incident seems to be recorded as an extortion attempt based on data that was already part of the public domain of the crypto ecosystem.
The prediction market continues to operate normally while monitoring protocols are reinforced to avoid future confusion. The episode highlights the importance of distinguishing between the exposure of public data on the blockchain and a true breach of corporate information security.
