More than $100 million stolen from Poloniex crypto platform


Hackers stole more than $100 million from cryptocurrency trading platform Poloniex on Friday, taking off with millions worth of Bitcoin and Ethereum.

The platform confirmed on social media that it is investigating the theft and that it plans to fully reimburse those who were affected by the hack.

Poloniex said it would pay 5% of what was stolen as a bounty to the hacker in exchange for the return of the funds.

“We kindly request your response within the next 7 days to consider this offer before we involve law enforcement,” they said in a public message to the hacker.

“Additionally, we are exploring opportunities for collaboration with other partners to facilitate the recovery of these funds.”

The controversial company was founded in 2014 before being acquired in 2018 by Circle —- the crypto giant behind the U.S. dollar pegged coin USDC. The company was known for its laissez faire approach to customer controls and for allowing a wide variety of sometimes dubious coins to be traded on the platform.

Circle eventually sold the company 18 months later to Justin Sun, the controversial crypto entrepreneur who moved the company to the Seychelles islands in an effort to avoid regulations.

Sun sent his own message out about the hack investigation on Friday, arguing that the platform “maintains a healthy financial position and will fully reimburse the affected funds.”

“The Poloniex team has successfully identified and frozen a portion of the assets associated with the hacker’s addresses. At present, the losses are within manageable limits, and Poloniex’s operating revenue can cover these losses,” he said.

Blockchain security firms had varying tallies for how much was stolen from the platform. Researchers at PeckShield said about $125 million was stolen, including $56 million worth of ETH, $48 million worth of Sun’s TRX coin and $18 million of BTC.

Another security firm, Slow Mist, explained that the losses added up to about $130 million, noting that in addition to the larger coins stolen, millions worth of less valuable coins were also taken during the incident.

Experts at crypto security firm Beosin pegged the losses at $114 million.

The platform handles millions worth of crypto trades each day, facilitating more than $500 million worth of cryptocurrency in the last 24 hours, according to CoinMarketCap.

The attack on Poloniex comes after a relative lull in crypto platform attacks following months of headline-grabbing incidents.

In August, millions worth of coins were stolen from Exactly Protocol and Harbor Protocol. Vyper — one of the most popular Web3 programming languages – was exploited by hackers who ended up stealing at least $61 million worth of cryptocurrency earlier this year.

U.S. law enforcement agencies believe North Korea’s Lazarus hacking group has been one of the primary drivers of attacks on cryptocurrency platforms, using billions in stolen crypto to allegedly fund its nuclear weapons program.

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.


Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

More than $100 million stolen from Poloniex crypto platform

Next Post

CISA, FBI warn that Royal ransomware gang may rebrand as ‘BlackSuit’

Related Posts

ASUS Patches Critical Authentication Bypass Flaw in Multiple Router Models

ASUS has shipped software updates to address a critical security flaw impacting its routers that could be exploited by malicious actors to bypass authentication. Tracked as CVE-2024-3080, the vulnerability carries a CVSS score of 9.8 out of a maximum of 10.0. "Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated remote attackers to log in the device,"
Read More