Poloniex, a well-known cryptocurrency exchange, experienced a cybersecurity breach resulting in the loss of approximately $126 million worth of assets.
The incident was first flagged by PeckShield on X (formerly Twitter) on November 10, 2023. After PeckShield's post drew attention to the suspicious activity related to Poloniex's hot wallet, Poloniex customer support announced that they had disabled their wallet for maintenance. This announcement came 11 minutes after PeckShield's alert.
On that same day, less than an hour after the tip-off, Justin Sun, the founder of Tron and majority owner of Poloniex, officially confirmed the hack. In a post on his X account, Sun also revealed that investigations had started and assured users that affected funds would be reimbursed, as “Poloniex maintains a healthy financial position”.
The malicious actors initiated the attack with a withdrawal of 4,900 ETH (worth $10 million) from Poloniex, followed by an array of further withdrawals.
The hackers withdrew ETH, TRON, AAVE, BTC and stablecoins (USDT, TUSD), as well as meme coins including PEPE, FLOKI, SHIB, etc.
Data collected by Arkham Intelligence revealed that the hackers stole 875 BTC and over 288 million TRX (Tron's native token), bringing the total value of stolen assets to about $126 million.
Records from Etherscan show a transaction in which the hacker mistakenly sent $2.5 million worth of stolen GLM (Golem tokens) to the Golem contract address instead of a secondary address under their control, making those tokens impossible for them to recover.
After assets are sent to the attacker's wallet, they are moved to a second wallet before finally being swapped, primarily to USDC, via the swapping feature on MetaMask.
Although investigations are still ongoing, speculation points to a private key compromise as the cause of the hack.
After confirming the attack, Justin Sun made it known in the same post that Poloniex is "exploring opportunities for collaboration with any other exchanges to facilitate the recovery of these funds".
This seems to have paid off: less than 5 hours after the confirmation post, he announced that the Poloniex team had successfully identified and frozen a portion of the assets associated with the hacker's addresses.
Justin Sun and Poloniex had earlier offered a white hat bounty of 5% to the hackers, with a 7-day ultimatum after which they would engage law enforcement.
Deposits to and withdrawals from the exchange were disabled, although the Poloniex trading system is still running smoothly.
Poloniex announced that an audit has begun (and is still ongoing) to fortify their security, after which Poloniex will resume full services.
At the time of writing, Poloniex had facilitated $864 million worth of trading volume over the past 24 hours, and information about the exchange's reserve is unavailable, according to CoinGecko.
This is the second time this year that an exchange associated with Justin Sun has been exploited, the first being HTX (formerly Huobi), where Sun is an ‘advisor’. HTX was exploited in late September, when hackers stole $8 million in ETH only to return it two weeks later.
[Author’s Note: This article does not represent financial advice; everything written here is strictly for educational and informational purposes. Please do your own research before investing.]
Author: Godwin Okhaifo