Probing the $60M Poloniex Hack

Poloniex, one of the oldest existing crypto exchanges, has been hacked today, resulting in the loss of about $60M in crypto asset funds. As of press time, the hacker 0x0a59 has been siphoning various altcoins from the Poloniex-owned hot wallet 0xa910.

The hacker started exploiting Poloniex at around 11 AM UTC. The lost funds included 11M in $USDT, which the hacker sent to the address 0x5c2a and then exchanged for $ETH, and 4.98M $USDC, which was sent to 0x8e4a, as well as altcoins such as $ELON, $SHIB, and $WBTC.

Here's a screenshot of the ongoing transactions for transferring tokens from Poloniex to the hacker:

In addition, the Poloniex hacker started buying $TRX with $USDC on Ethereum and with $USDT on Tron, acquiring a total of 206.73M $TRX ($22.8M) so far. These transactions have at least partially affected $TRX's price, resulting in a sudden increase. Notably, Poloniex is owned by a consortium that includes Tron founder Justin Sun.

Meanwhile, in one of the more odd actions during the Poloniex attack, the hacker also transferred about 10.5M $GLM tokens ( ($2.56M) to the token contract, essentially burning the tokens in the process.

Poloniex's first statement said: "Our wallet has been disabled for maintenance. We will update this thread once the wallet has been re-enabled."

In a separate statement, Poloniex part-owner Justin Sun vowed that the exchange would fully reimburse the funds affected by the hack. He later offered a 5% white hat bounty to the Poloniex hacker, the same tactic he made for the HTX hack last month.

Following Justin's post, Poloniex confirmed the white hat bounty and said it is giving the hacker 7 days to cooperate with the exchange or risk involving law enforcement.

One of the pioneer crypto exchanges, Poloniex was founded in 2014. During the same year, the exchange lost 12.3% of its Bitcoin funds in another hack. This did not stop Poloniex from being one of the more recognized crypto exchange brands in the space. Poloniex's latest security-related incident came at the end of December 2019, when the exchange admitted to its users that their account information had been included in a data leak.

Aside from the addresses mentioned above, other addresses related to the Poloniex hack include: 0x6ce8, 0x93f6, 0x97BE, 0xccda, 0x6FDc, 0x9E3b, 0xeFcF, 0x3FcB, 0x7eF9, 0x32e2, and 0x17b8.

For more information on the Poloniex hack and the entities involved in it, you can check this Scopescan entity dashboard that the 0xScope team created about the attack.

This story is developing, the 0xScope team will add more details when they come.

‍