I just saw the news about Polymarket being accused by hackers of data leaks, and it's kind of interesting. Someone claimed they stole over 300,000 records, including usernames, avatars, wallet addresses, and so on, but Polymarket directly refuted this, saying it's all nonsense and that the data has long been publicly available online.

Here's an interesting point—Polymarket said their data is originally on-chain, fully transparent and auditable. This isn't a vulnerability; it's a design feature. Developers and users can access the same information through free APIs, so there's no need for hackers to "steal" it. Security researchers also support this view, suggesting it might just be data parsing rather than a real database breach.

But this incident also reflects an old issue in the crypto space—how to balance on-chain transparency with user privacy. Even if technically the data is public, exposing sensitive information like usernames, avatars, and wallet addresses together can raise privacy concerns. The hackers claimed they exploited undocumented API endpoints and misconfigurations, which might be the real problem here.

Polymarket also mentioned that they launched a bug bounty program in mid-April and have received over 400 reports. It seems the platform is actively responding, but whether this hacker incident can be resolved depends on subsequent technical disclosures and the speed of fixes. Anyway, with recent frequent Web3 security incidents, everyone needs to be more cautious.