Prediction market platform Polymarket is suspected of suffering a data breach, with over 300,000 records and a vulnerability exploit kit leaked.

According to Mars Finance, the decentralized prediction market platform Polymarket has been suspected of being hacked. Threat perpetrator xorcat released over 300,000 data records and a corresponding exploit kit on a well-known cybercrime forum. The attackers allegedly extracted data through undisclosed API endpoints, pagination bypasses, and CORS misconfigurations in the Polymarket Gamma and CLOB APIs. The leaked content includes: complete personal information for 10,000 users (including names, proxy wallets, and base addresses), 4,111 comments, 1,000 report records (including 58 ETH addresses and administrator authentication address identifiers), 48,536 Gamma market metadata entries, over 250,000 active CLOB market fixed-product market maker addresses, and social graph data for 9,000 followers. The toolkit contains proof-of-concept code for several vulnerabilities, including CVE-2025-62718 (Axios NO_PROXY bypass, CVSS 9.9, which can trigger server request forgery), CVE-2024-51479 (Next.js middleware authentication bypass, CVSS 7.5), and CORS misconfiguration. In addition, the toolkit includes an automated continuous fetch script and a complete red team report.