Cryptocurrency exchange Poloniex was the victim of a massive security breach on November 10 that resulted in over $126 million worth of crypto assets being stolen from the company’s hot wallets.
According to on-chain data and confirmation from Poloniex owner Justin Sun, the hack targeted wallets across multiple blockchains including Ethereum, Tron, and Bitcoin.
Major Cryptocurrency Exchange Suffers $126 Million Hack
Poloniex, a cryptocurrency exchange owned by TRON founder Justin Sun, suffered a hack resulting in over $126 million worth of crypto assets being stolen. The hack targeted Poloniex hot wallets across multiple blockchains including Ethereum, Tron, and Bitcoin. Over $114 million was drained from an Ethereum wallet alone.
Assets Stolen and Funds Moved
Stablecoins like USDT and meme coins like SHIB were among the assets stolen, in addition to ETH and BTC. The hacker quickly moved the funds through various wallets, swapped some to USDC, and may have accidentally burned $2.5 million in Golem tokens. Justin Sun confirmed the hack on Twitter, stating Poloniex will fully reimburse affected users. He offered a 5% “white hat” bounty to the hacker.
Hack Details and Response
Poloniex initially claimed it disabled wallets for maintenance before admitting to the hack. The vector of the hack is still unknown but possibilities include compromised private keys, malware, or social engineering. Crypto exchange hacks remain common, though Poloniex’s loss of over $126 million is among the largest exchange breaches.
The hack first came to light when blockchain security firm PeckShield flagged suspicious transfers out of a Poloniex wallet. Further examination by blockchain analytics platforms revealed the scope of the incident.
Hi @Poloniex, you may want to take a look: @justinsuntron
— PeckShield Inc. (@peckshield) November 10, 2023
Assets Stolen Across Multiple Blockchains
An Ethereum wallet associated with Poloniex saw more than $114 million drained in over 350 transactions. The stolen funds consisted of assets including ETH, Tether stablecoins USDT and TUSD, meme cryptocurrencies such as SHIB and FLOKI, and others. Additionally, over 288 million TRX – the native token of Justin Sun’s blockchain Tron – worth $42 million was stolen from Tron wallets connected to Poloniex. On the Bitcoin blockchain, the hacker made off with 865 BTC valued at around $15 million.
Hacker Techniques and Official Response
In total, the losses are estimated to exceed $126 million, making this one of the largest hot wallet exchange hacks on record. The hacker rapidly shuffled the stolen funds through multiple wallets in an apparent effort to obscure the trail. A portion of the loot was swapped into the stablecoin USDC using decentralized exchange protocols. However, the hacker appears to have accidentally sent $2.5 million in Golem tokens to a contract, rendering those funds irretrievable.
We are offering a 5% white hat bounty to the Poloniex hacker. Please return the funds to the following ETH/TRX/BTC wallets. We will give you 7 days to consider this offer before we engage law enforcement.
ETH Wallet: 0x176F3DAb24a159341c0509bB36B833E7fdd0a132 TRX:…— H.E. Justin Sun 孙宇晨 (@justinsuntron) November 10, 2023
The technique behind the hack is still unclear, but possibilities include compromised private keys, malware infection or social engineering of exchange employees. Poloniex has offered a 5% “white hat” bounty to the hacker if most funds are returned within a week.
The Takeaway – Security Risks in Crypto Exchanges
While Poloniex has pledged to make its users whole after this massive breach raises serious questions around security practices at one of crypto industry’s longest-running trading platforms. High-profile exchange hacks have become increasingly common in recent years — underscoring risks posed by centralized custodians of digital asset funds.