The prediction market platform Polymarket is suspected of a data breach, with over 300,000 records and an exploit toolkit leaked

The decentralized prediction market platform Polymarket is suspected to have been hacked, with the threat actor xorcat posting over 300,000 data records and a corresponding exploit toolkit on a well-known cybercrime forum.

It is reported that the attacker extracted data through undisclosed API endpoints, pagination bypass, and CORS misconfigurations in Polymarket Gamma and CLOB API. The leaked content includes: 10,000 users' complete personal information (including names, proxy wallets, and base addresses), 4,111 comments, 1,000 reports (including 58 ETH addresses and administrator verification address identifiers), 48,536 Gamma market metadata, over 250,000 active CLOB market fixed product market maker addresses, and 9,000 social graph data of followers.

The toolkit contains proof-of-concept code for multiple vulnerabilities, including CVE-2025-62718 (Axios NO_PROXY bypass, CVSS 9.9, which can trigger server-side request forgery), CVE-2024-51479 (Next.js middleware authentication bypass, CVSS 7.5), and CORS misconfigurations. Additionally, the toolkit includes automated continuous pull scripts and a complete red team report.