TechFlow News, April 29: According to Dark Web Informer, the decentralized prediction market platform Polymarket is suspected of having been hacked. The threat actor “xorcat” posted over 300,000 data records and a corresponding exploit toolkit on a well-known cybercrime forum. The data was extracted on April 27, 2026.
Reportedly, the attacker extracted data via an undisclosed API endpoint, pagination bypasses, and misconfigured Cross-Origin Resource Sharing (CORS) in Polymarket's Gamma and CLOB APIs. The leaked data includes: full personal information for 10,000 users (including names, proxy wallets, and base addresses); 4,111 comments; 1,000 moderation reports (including 58 ETH addresses and administrator authentication address identifiers); metadata for 48,536 Gamma markets; fixed-product market maker addresses for over 250,000 active CLOB markets; and social graph data for 9,000 followers.
The toolkit contains proof-of-concept code for multiple vulnerabilities, including CVE-2025-62718 (Axios NO_PROXY bypass, CVSS 9.9, enabling Server-Side Request Forgery), CVE-2024-51479 (Next.js middleware authentication bypass, CVSS 7.5), and CORS misconfigurations. The toolkit also includes scripts for automated, continuous data extraction and a comprehensive red-team report (with MITRE ATT&CK mapping).




