Futures
Access hundreds of perpetual contracts
TradFi
Gold
One platform for global traditional assets
Options
Hot
Trade European-style vanilla options
Unified Account
Maximize your capital efficiency
Demo Trading
Introduction to Futures Trading
Learn the basics of futures trading
Futures Events
Join events to earn rewards
Demo Trading
Use virtual funds to practice risk-free trading
Launch
CandyDrop
Collect candies to earn airdrops
Launchpool
Quick staking, earn potential new tokens
HODLer Airdrop
Hold GT and get massive airdrops for free
Pre-IPOs
Unlock full access to global stock IPOs
Alpha Points
Trade on-chain assets and earn airdrops
Futures Points
Earn futures points and claim airdrop rewards
Promotions
AI
Gate AI
Your all-in-one conversational AI partner
Gate AI Bot
Use Gate AI directly in your social App
GateClaw
Gate Blue Lobster, ready to go
Gate for AI Agent
AI infrastructure, Gate MCP, Skills, and CLI
Gate Skills Hub
10K+ Skills
From office tasks to trading, the all-in-one skill hub makes AI even more useful.
GateRouter
Smartly choose from 30+ AI models, with 0% extra fees
Prediction market platform Polymarket suspected of data breach, over 300k records and vulnerability exploit toolkit leaked
Deep Tide TechFlow News. On April 29, 2026, Dark Web Informer reported that the decentralized prediction market platform Polymarket is suspected to have been hacked. The threat actor xorcat posted more than 300,000 data records and a corresponding vulnerability exploitation toolkit on a well-known cybercrime forum. The date the data was extracted was April 27, 2026.
It is alleged that the attacker extracted data through undisclosed API endpoints, pagination bypasses, and CORS error misconfigurations in the Polymarket Gamma and CLOB APIs. The leaked content includes: 10,000 users’ complete personal information (including names, proxy wallets, and base addresses), 4,111 comments, 1,000 report records (including 58 ETH addresses and an admin authentication address identifier), 48,536 Gamma market metadata entries, more than 250,000 fixed product market maker addresses for active CLOB markets, and social graph data for 9,000 followers.
The toolkit includes proof-of-concept code for multiple vulnerabilities, involving CVE-2025-62718 (Axios NO_PROXY bypass; CVSS 9.9; can trigger server-side request forgery), CVE-2024-51479 (Next.js middleware authentication bypass; CVSS 7.5), and CORS error misconfigurations. In addition, the toolkit also includes automated continuous data-pulling scripts and a complete red team report (including MITRE ATT&CK mappings).
xorcat stated that Polymarket had not set up a bug bounty program and had not received any notification in advance. As of now, Polymarket has not issued any public response.