Polymarket has been reportedly compromised, with over 300,000 records leaked.

CoinFeed reported on April 29th that, according to a disclosure by Dark Web Informer on the X platform, the decentralized prediction market platform Polymarket has been suspected of being compromised, with over 300,000 records and an exploit kit leaked to a cybercrime forum. The attackers claim the data was obtained through undocumented API endpoints, pagination bypasses, and CORS misconfigurations, with the extraction date being April 27, 2026. The leaked data includes approximately 10,000 user-identified profiles, 41,000 comments, 485,000 market metadata entries, 250,000 active CLOB markets, and 292 event submitter/resolver addresses. The attackers also provided proof-of-concept code for several vulnerabilities, including CVE-2025-62718 (CVSS 9.9), CORS misconfiguration, and CVE-2024-51479 (CVSS 7.5).