Poloniex, a cryptocurrency exchange affiliated with Justin Sun, experienced a substantial hack resulting in the loss of $126 million. This incident, which unfolded on a single day, marks a notable event in the realm of digital asset security.
The breach commenced on November 10, 2023 at 10:30 AM UTC, with an initial transaction draining 4900 ETH (valued at $10 million) from an address labeled 'Poloniex 4' on Etherscan. The attack extended across Ethereum, TRON, and BTC networks, with the total loss amounting to $126 million.
The hacker employed a sophisticated strategy, dispersing tokens among various addresses on Ethereum, which were then used to swap out tokens to ETH or further disperse them to new addresses. The largest asset losses included 33M USDT (22M on TRON and 11M on ETH), 4900 ETH on Ethereum, $18.6M of native BTC, and additional losses in BTC on TRON and USDC on Ethereum.
In an unexpected turn, the attacker's actions led to a 25% increase in the value of TRX when they swapped the stolen (and freezable) USDT on Tron to TRX. Additionally, in a rush to liquidate stolen assets, the attacker lost almost $2.6M worth of Golem Network’s GLM by transferring it directly to the token’s contract.
Following the attack, Justin Sun responded by promising to fully reimburse the affected funds and exploring collaboration opportunities with other exchanges for fund recovery. Poloniex also offered a 5% whitehat bounty and $4000 for identifying the hacker.
This incident underscores the ongoing challenges faced by cryptocurrency exchanges in securing digital assets against threat actors. It also highlights the importance of robust security measures and the need for continuous vigilance in the face of evolving attack vectors.