Cryptocurrency exchange Poloniex has fallen
victim to a massive hot wallet hack, resulting in an estimated loss of a
staggering $114 million. The exploit, flagged by blockchain security firms
PeckShield and Cyvers, has prompted Poloniex to disable its wallet for
maintenance.
At around 10:55 UTC on November 10, 2023,
blockchain security firms PeckShield and Cyvers raised red flags about a
suspected hack targeting Poloniex’s hot wallets, according to a report by
Coindesk. The exchange promptly responded by announcing the disabling of its
wallets for maintenance 12 minutes later.
Confirmation of the hack came from Poloniex’s
investor and Tron’s Founder, Justin Sun. In a tweet, Sun assured affected users
that Poloniex, despite the substantial loss, maintains a healthy financial
position.
We are currently investigating the Poloniex hack incident. Poloniex maintains a healthy financial position and will fully reimburse the affected funds. Additionally, we are exploring opportunities for collaboration with other exchanges to facilitate the recovery of these funds.
— H.E. Justin Sun 孙宇晨 (@justinsuntron) November 10, 2023
He pledged full reimbursement for the affected
users. Besides that, Sun has offered a “white hat bounty” to the
hacker responsible, with a seven-day deadline before involving law enforcement agencies.
The hack became evident after on-chain data revealed
that various wallets across multiple blockchains had been targeted. An Ethereum
wallet dubbed the “Poloniex hacker” executed a series of 357
transactions, siphoning off $114 million worth of tokens from Poloniex.
Simultaneously, a wallet on the Tron blockchain sent
approximately $42 million to various destinations. This incident is the latest in a series
of high-profile crypto exchange hacks. Recent breaches have occurred at HTX,
Gdac, and Deribit, with losses ranging from $8 million to $28 million.
Our wallet has been disabled for maintenance. We will update this thread once the wallet has been re-enabled.
— Poloniex Customer Support (@PoloSupport) November 10, 2023
Blockchain data Arkham Intelligence, as cited by
Decrypt, revealed the theft of over 288 million TRX and 865 Bitcoin, adding
up to the staggering total of $126 million. Additionally, $2.5 million in
stolen Golem tokens (GLM) was accidentally sent to the token contract instead
of the intended secondary addresses in the hack on Poloniex.
Poloniex Faces Regulatory Hurdles
Recently, Poloniex agreed to a hefty settlement of$7.6 million with the US Department of the Treasury’s Office of Foreign Assets
Control (OFAC). The settlement is related to alleged violations of US sanctions,
wherein Poloniex allowed customers from sanctioned regions, including Crimea,
Cuba, Iran, Sudan, and Syria, to engage in digital asset trading between
January 2014 and November 2019.
The alleged violations, spanning from January 2014
to November 2019, amounted to nearly 66,000 instances, with the sanctioned
customers in the region trading over $15.3 million in digital assets.
OFAC emphasized that Poloniex
allowed these activities despite having knowledge of the customers’ locations
through Know Your Customer information and IP address
data.
Cryptocurrency exchange Poloniex has fallen
victim to a massive hot wallet hack, resulting in an estimated loss of a
staggering $114 million. The exploit, flagged by blockchain security firms
PeckShield and Cyvers, has prompted Poloniex to disable its wallet for
maintenance.
At around 10:55 UTC on November 10, 2023,
blockchain security firms PeckShield and Cyvers raised red flags about a
suspected hack targeting Poloniex’s hot wallets, according to a report by
Coindesk. The exchange promptly responded by announcing the disabling of its
wallets for maintenance 12 minutes later.
Confirmation of the hack came from Poloniex’s
investor and Tron’s Founder, Justin Sun. In a tweet, Sun assured affected users
that Poloniex, despite the substantial loss, maintains a healthy financial
position.
We are currently investigating the Poloniex hack incident. Poloniex maintains a healthy financial position and will fully reimburse the affected funds. Additionally, we are exploring opportunities for collaboration with other exchanges to facilitate the recovery of these funds.
— H.E. Justin Sun 孙宇晨 (@justinsuntron) November 10, 2023
He pledged full reimbursement for the affected
users. Besides that, Sun has offered a “white hat bounty” to the
hacker responsible, with a seven-day deadline before involving law enforcement agencies.
The hack became evident after on-chain data revealed
that various wallets across multiple blockchains had been targeted. An Ethereum
wallet dubbed the “Poloniex hacker” executed a series of 357
transactions, siphoning off $114 million worth of tokens from Poloniex.
Simultaneously, a wallet on the Tron blockchain sent
approximately $42 million to various destinations. This incident is the latest in a series
of high-profile crypto exchange hacks. Recent breaches have occurred at HTX,
Gdac, and Deribit, with losses ranging from $8 million to $28 million.
Our wallet has been disabled for maintenance. We will update this thread once the wallet has been re-enabled.
— Poloniex Customer Support (@PoloSupport) November 10, 2023
Blockchain data Arkham Intelligence, as cited by
Decrypt, revealed the theft of over 288 million TRX and 865 Bitcoin, adding
up to the staggering total of $126 million. Additionally, $2.5 million in
stolen Golem tokens (GLM) was accidentally sent to the token contract instead
of the intended secondary addresses in the hack on Poloniex.
Poloniex Faces Regulatory Hurdles
Recently, Poloniex agreed to a hefty settlement of$7.6 million with the US Department of the Treasury’s Office of Foreign Assets
Control (OFAC). The settlement is related to alleged violations of US sanctions,
wherein Poloniex allowed customers from sanctioned regions, including Crimea,
Cuba, Iran, Sudan, and Syria, to engage in digital asset trading between
January 2014 and November 2019.
The alleged violations, spanning from January 2014
to November 2019, amounted to nearly 66,000 instances, with the sanctioned
customers in the region trading over $15.3 million in digital assets.
OFAC emphasized that Poloniex
allowed these activities despite having knowledge of the customers’ locations
through Know Your Customer information and IP address
data.