Der Bedrohungsakteur xorcat behauptete (in einem Dark-Web-Forum), einen Verstoß gegen Polymarket begangen zu haben, und behauptete, ein Datenleck habe Auswirkungen auf mehr als 300.000 Benutzer. Zum jetzigen Zeitpunkt sind die Behauptungen noch ungeprüft und detaillierte technische Beweise wurden nicht öffentlich veröffentlicht. Wenn der Vorfall jedoch zutrifft, wirft er umfassendere Bedenken hinsichtlich der Art und Weise auf, wie Kryptoplattformen mit Benutzerdaten, Authentifizierungsabläufen und Integrationen von Drittanbietern umgehen. Plattformen wie Polymarket stützen sich oft auf eine Mischung aus Off-Chain-Diensten und On-Chain-Infrastruktur, die zusätzliche Angriffsflächen bieten kann, wenn sie nicht gut gesichert ist. Selbst eine teilweise Offenlegung von Benutzerdaten könnte für Phishing, Kontoübernahmeversuche oder gezielte Betrügereien innerhalb des Krypto-Ökosystems ausgenutzt werden. Es lohnt sich, genau auf etwaige offizielle Reaktionen, technische Ausfälle oder Anzeichen einer Kompromittierung zu achten.
Alleged Polymarket Breach: 300,000+ Records and Exploit Kit Leaked by ‘xorcat’
7 Kommentare
I am not a crypto doomer but the way the Trump admin has successfully bundled prediction markets with crypto is just awful for viability by the investing class, which you guys will never admit to being mandatory for widespread crypto adoption. Corruption muddies all waters. It’s a fucking shame.
> Ten thousand unique user profiles with names, pseudonyms, bios, profile images, proxy wallet addresses, and base wallet addresses. That last part matters because wallet addresses are pseudonymous on-chain, but once you tie them to a name and a profile image, the pseudonymity starts to collapse.
>
> There are also 9,000 follower profiles with similar detail, 4,111 comments with attached profile data, and 1,000 report records containing 58 unique ETH addresses. The inclusion of something called admin_auth_addr in the reports data is the kind of detail that raises questions about what else might have been accessible beyond what’s listed.
>
> On the market data side, the dump allegedly includes 48,536 markets from Polymarket’s Gamma system with full metadata, condition IDs, and token IDs, plus over 250,000 active CLOB markets with FPMM contract addresses, and 292 events with internal usernames and wallet addresses attached to the submitter and resolver roles. A hundred reward configurations are also included, complete with USDC contract addresses and daily payout rates.
I can’t read the word salad in the OP so I pasted the relevant part of the article. TLDR it’s a mass scrape of user profiles and orders.
Maybe we’ll discover the Trump admin insiders using top secret intel to make millions of perfectly timed bets.
Midnight solves this
Times the word „Trump“ appears in the lengthy article: 0
Times the word „Trump“ appears in the comments after only 40 minutes: 2/4
Reddit never fails.
It was inevitable. All these services – tradfi or crypto, govt or private – are really bad at securing data. They get a scolding and a fine. You, on the other hand, join a burgeoning data field of likely targets. AI is acceleratring everything including tracking you down by piecing together fragments of stolen data. We’re all exposed one way or another.
There’s no escape from this. AML laws dictate you must hand the data over to be able to transact. „For your own protection“, „Prevent terrorism“.
Now we’re all being terrorised. „Unintended consequences“, „Lessons will be learnt“. Absolute clown fest.
This info is already public on the chains and apis. But what I noticed on polymarket is they have some priveleged users with limited info on website and apis. Maybe this one they targeted.