Multi-currency exchange, Poloniex, has announced today via its Twitter feed and on the BitcoinTalk forum that it has been hacked leading to bitcoins being stolen from the company. As a result, of the hack, Poloniex has temporarily halted trading on the exchange. According to their statement on the matter, 12.3% of Bitcoin at the exchange were stolen.
Poloniex explained that the hacker found a vulnerability in their code which was exploited in that multiple withdrawals could be entered at the same instant which would cause their database to reflect a Negative Balance , but would still authorize the transaction. Poloniex explained that their code included design errors in its accounting and security features that allowed for simultaneous withdrawals instead of process them sequentially. The exchange added that a feature in place to notice unusual withdrawal activity operated correctly, and alerted them to the problem.
In response to the theft, Poloniex’s operator, BitcoinTalk user Busoni, stated that the is taking responsibility of the theft and is “committed to repaying the debt of BTC.” However, he added that due to the shortfall of 12.3% of customer bitcoins, all balances will be hit with a 12.3% reduction in their funds. It was explained that this is being done to prevent a mass exodus of withdrawals which can’t fully be processed at this time.
Responding to the news on BitcoinTalk, many customers have been overly supportive of Poloniex and appreciated their honesty in the matter. However, there has been negative reaction to a potential hike in trading fees to make up for the lost funds. On Reddit though, opinion has been decidedly negative with users of the site questioning the security of the exchange as it had been hacked in the past as well as suggesting it was an inside job.
Overall, the negative news halts positive momentum Poloneix had gained after being among the first exchanges to begin to offer trading in auroracoin which had added exposure and customers to the platform. Looking ahead, Poloneix stated that it estimates withdrawals will be again available today, with a longer period of adding security fixes before trading will go back online.
(Image courtesy of Deviantart)