The cryptocurrency exchange Poloniex has fallen victim to a massive hot wallet hack, resulting in an estimated loss of a staggering $114 million. The exploit, flagged by blockchain security firms PeckShield and Cyvers, has prompted Poloniex to disable its wallet for maintenance.
On November 10, 2023, blockchain security firms PeckShield and Cyvers raised red flags about a suspected hack targeting Poloniex's hot wallets, according to a report by Coindesk. The exchange promptly responded by announcing it had disabled its wallets for maintenance 12 minutes later.
Confirmation of the hack came from Poloniex’s investor and Tron’s Founder, Justin Sun. In a tweet, Sun assured affected users that Poloniex maintains a healthy financial position despite the substantial loss.
He pledged full reimbursement for the affected users. Besides that, Sun has offered a "white hat bounty" to the hacker responsible, with a seven-day deadline before it involves law enforcement agencies.
Coordinated Attacks on Multiple Blockchains
The hack became evident after on-chain data revealed that various wallets across multiple blockchains had been targeted. An Ethereum wallet dubbed the "Poloniex hacker" executed a series of 357 transactions, siphoning off $114 million worth of tokens from Poloniex.
Simultaneously, a wallet on the Tron blockchain sent approximately $42 million to various destinations. This incident is the latest in a series of high-profile crypto exchange hacks. Recent breaches have occurred at HTX, Gdac, and Deribit, with losses ranging from $8 million to $28 million.
Blockchain data Arkham Intelligence, as cited by Decrypt, revealed the theft of over 288 million TRX and 865 Bitcoin, adding up to the staggering total of $126 million. Additionally, $2.5 million in stolen Golem tokens was accidentally sent to the token contract instead of the intended secondary addresses in the security breach.
Poloniex Faces Regulatory Hurdles
Recently, Poloniex agreed to a settlement of $7.6 million with the US Department of the Treasury's Office of Foreign Assets Control (OFAC). The settlement is related to alleged violations of US sanctions, wherein Poloniex allowed customers from sanctioned regions, including Crimea, Cuba, Iran, Sudan, and Syria, to trade digital assets between January 2014 and November 2019.
The alleged violations, spanning from January 2014 to November 2019, amounted to nearly 66,000 instances, with the sanctioned customers in the region trading over $15.3 million in digital assets.
OFAC emphasized that Poloniex allowed these activities despite having knowledge of the customers' locations through its KYC and IP address data.