Poloniex Cryptocurrency Exchange Hack Analysis

Olympix
4 min read · Nov 21, 2023


Introduction

On November 10, 2023, the cryptocurrency world was again shaken by a significant security breach targeting the prominent cryptocurrency exchange Poloniex. The incident resulted in the theft of over $120 million in digital assets, making it the second-largest private key compromise in 2023.

Source: Poloniex hacker’s first wallet address

The Attack Unfolds

The attack began with suspicious movements of funds originating from Poloniex hot wallets on Ethereum (ETH), Tron (TRX), and Bitcoin (BTC) blockchains. The hackers cleverly maneuvered the stolen assets through multiple wallets, obfuscating the trail and making it challenging to track their movements.

Anatomy of the Hack

The precise method employed by the attackers remains undisclosed. Still, it is believed that the hackers gained unauthorized access to Poloniex’s systems and found hot wallet private keys stored in the internal systems. Once inside, they escalated their privileges and breached the hot wallets, siphoning off a substantial amount of cryptocurrency.

The incident unfolded with suspicious fund movements from Poloniex’s hot wallets on the Ethereum, Tron, and Bitcoin networks. Most losses occurred on the Ethereum network, while Tron and Bitcoin saw movements through 70 hacker-owned cryptocurrency wallets. The funds have not been transferred out of the hacker’s Bitcoin wallet.

The attacker’s strategy involved transferring stolen ERC-20 tokens to various wallets and then swapping these tokens for ETH. However, a crucial mistake occurred with GLM tokens: over 10.5 million $GLM, valued at $2.6 million, were erroneously sent to the Golem Network Token contract itself instead of being swapped for ETH. Because a standard ERC-20 contract has no function to move tokens out of its own address, the funds remain locked within the token contract at the time of writing, suggesting a human error when copying the contract address.
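The two observable signals in this account, large outflows from known hot wallets and tokens sent to their own token contract, can both be checked from a stream of transfer records. The following monitor is an added example, not code from the post or from Poloniex; the addresses, symbols and amounts are constructed placeholders, and the record format is a simplified stand-in for decoded ERC-20 Transfer events.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed placeholders: not the real Poloniex hot wallets or the real GLM contract.
HOT_WALLETS = {"0xhot1", "0xhot2"}
TOKEN_CONTRACTS = {"GLM": "0xglmtoken", "USDT": "0xusdttoken"}


@dataclass(frozen=True)
class Transfer:
    token: str        # token symbol
    sender: str
    recipient: str
    amount: float     # in token units
    usd_value: float  # priced at observation time


def classify(tx, hot_wallets=HOT_WALLETS, token_contracts=TOKEN_CONTRACTS):
    """Return the alert labels that apply to a single transfer."""
    alerts = []
    # Movement out of a hot wallet to a non-exchange address is the first signal
    # seen in this incident; sweeps between the exchange's own wallets are benign.
    if tx.sender in hot_wallets and tx.recipient not in hot_wallets:
        alerts.append("hot_wallet_outflow")
    # Tokens sent to their own ERC-20 contract cannot be moved out again,
    # which is what happened to the GLM tranche described above.
    if tx.recipient == token_contracts.get(tx.token):
        alerts.append("sent_to_token_contract")
    return alerts


def outflow_totals(transfers, hot_wallets=HOT_WALLETS):
    """Aggregate USD value leaving each hot wallet to external addresses."""
    totals = defaultdict(float)
    for tx in transfers:
        if tx.sender in hot_wallets and tx.recipient not in hot_wallets:
            totals[tx.sender] += tx.usd_value
    return dict(totals)


def breached_wallets(transfers, threshold_usd, hot_wallets=HOT_WALLETS):
    """Hot wallets whose external outflow crosses the alerting threshold."""
    totals = outflow_totals(transfers, hot_wallets)
    return sorted(w for w, v in totals.items() if v >= threshold_usd)


# Constructed sample feed: one drain, one internal sweep, one mis-sent GLM batch, one normal withdrawal.
SAMPLE = [
    Transfer("USDT", "0xhot1", "0xattacker1", 5_000_000, 5_000_000.0),
    Transfer("USDT", "0xhot1", "0xhot2", 1_000, 1_000.0),
    Transfer("GLM", "0xattacker1", "0xglmtoken", 10_500_000, 2_600_000.0),
    Transfer("USDT", "0xhot2", "0xcustomer", 200, 200.0),
]
```

In production the threshold would be set per wallet from its normal withdrawal volume, and the feed would come from decoded on-chain Transfer logs rather than the constructed list.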

A Breakdown of the Stolen Assets

The hackers’ meticulous planning and execution resulted in the theft of various cryptocurrencies, including BTC, ETH, and USDT. Most stolen funds were held on the Ethereum Network, with smaller amounts dispersed across TRX and BTC wallets.

Nansen, an on-chain data analytics firm, shared a Tweet showcasing the significant outflows by the hacked cryptocurrency exchange.

As reported by PeckShield, a blockchain security company, Poloniex experienced losses of $56 million on the Ethereum blockchain, along with an additional $48 million on the Tron network. Simultaneously, losses on the Bitcoin network amounted to 501 Bitcoin (BTC), equivalent to $18 million.

Impact Assessment

While the company plans to collaborate with law enforcement to trace the hacker, it has also extended an offer to the hacker: a 5% white hat bonus, provided the individual returns 95% of all funds to the exchange’s addresses within seven days.

The aftermath of the Poloniex hack reveals a complex web of asset tracing involving at least 681 wallets to move the stolen assets. Notably, 16 wallets have over $1 million, with the largest wallet holding $21.17 million.

Poloniex hacker wallet-6 snippet.

Justin Sun assured the investors that the cryptocurrency exchange maintains a robust financial position and that the impacted users would receive full compensation for their losses from the cryptocurrency exchange hack.

Resuming Exchange Operations

Poloniex, the cryptocurrency exchange Justin Sun acquired in 2019, published an official blog post on 15 November announcing that digital asset deposits and withdrawals would resume for customers. They had been halted for cybersecurity reasons following the breach.

Conclusion

The exploiter has not laundered any funds through privacy protocols or exchanges, underscoring the meticulous tracking and analysis conducted in the incident’s aftermath. The Poloniex hack, the second-largest private key compromise in 2023, contributes to November’s ranking as one of the worst months for funds lost to security incidents. Private key compromises are anticipated to remain a significant threat to Web3 security, especially with centralized institutions holding substantial assets and DeFi protocols holding comparatively less total value than during the previous bull market.

About Olympix

Olympix is a pioneering DevSecOps tool that puts security in the hands of the developer by proactively securing code from day one.

Sign up for our beta program here.

Connect with us on:

Twitter — LinkedIn — Discord — Medium — Instagram — Telegram
