Cryptocurrency exchange Poloniex was the victim of a massive security breach on November 10 that resulted in over $126 million worth of crypto assets being stolen from the company’s hot wallets.
According to on-chain data and confirmation from Poloniex owner Justin Sun, the hack targeted wallets across multiple blockchains including Ethereum, Tron, and Bitcoin.
- Poloniex, a cryptocurrency exchange owned by TRON founder Justin Sun, suffered a hack resulting in over $126 million worth of crypto assets being stolen.
- The hack targeted Poloniex hot wallets across multiple blockchains including Ethereum, Tron, and Bitcoin. Over $114 million was drained from an Ethereum wallet alone.
- Stablecoins like USDT and meme coins like SHIB were among the assets stolen, in addition to ETH and BTC.
- The hacker quickly moved the funds through various wallets, swapped some to USDC, and may have accidentally burned $2.5 million in Golem tokens.
- Justin Sun confirmed the hack on Twitter, stating Poloniex will fully reimburse affected users. He offered a 5% “white hat” bounty to the hacker.
- Poloniex initially claimed it disabled wallets for maintenance before admitting to the hack.
- The vector of the hack is still unknown but possibilities include compromised private keys, malware, or social engineering.
- Crypto exchange hacks remain common, though Poloniex’s loss of over $126 million is among the largest exchange breaches.
The hack first came to light when blockchain security firm PeckShield flagged suspicious transfers out of a Poloniex wallet. Further examination by blockchain analytics platforms revealed the scope of the incident.
— PeckShield Inc. (@peckshield) November 10, 2023
An Ethereum wallet associated with Poloniex saw more than $114 million drained in over 350 transactions. The stolen funds consisted of assets including ETH, Tether stablecoins USDT and TUSD, meme cryptocurrencies such as SHIB and FLOKI, and others.
Additionally, over 288 million TRX – the native token of Justin Sun’s blockchain Tron – worth $42 million was stolen from Tron wallets connected to Poloniex. On the Bitcoin blockchain, the hacker made off with 865 BTC valued at around $15 million.
In total, the losses are estimated to exceed $126 million, making this one of the largest hot wallet exchange hacks on record.
The hacker rapidly shuffled the stolen funds through multiple wallets in an apparent effort to obscure the trail. A portion of the loot was swapped into the stablecoin USDC using decentralized exchange protocols. However, the hacker appears to have accidentally sent $2.5 million in Golem tokens to a contract, rendering those funds irretrievable.
Poloniex’s official Twitter account initially claimed the exchange had temporarily disabled its wallet for maintenance before admitting a hack had taken place. Justin Sun later confirmed the breach, stating that Poloniex “will fully reimburse the affected funds” and was exploring collaboration with other exchanges to recover the stolen crypto.
We are offering a 5% white hat bounty to the Poloniex hacker. Please return the funds to the following ETH/TRX/BTC wallets. We will give you 7 days to consider this offer before we engage law enforcement.
ETH Wallet: 0x176F3DAb24a159341c0509bB36B833E7fdd0a132 TRX:…
— H.E. Justin Sun 孙宇晨 (@justinsuntron) November 10, 2023
The technique behind the hack is still unclear, but possibilities include compromised private keys, malware infection, or social engineering of exchange employees. Poloniex has offered a 5% “white hat” bounty to the hacker if the majority of funds are returned within a week.
While Poloniex has pledged to make its users whole, the massive breach raises serious questions around security practices at one of the crypto industry’s longest-running trading platforms. High-profile exchange hacks have become increasingly common in recent years, underscoring the risks posed by centralized custodians of digital asset funds.