Poloniex Crypto Exchange Just Got Hacked For Over $114 Million — A Post-mortem

Cryptocurrency Exchange Poloniex had its wallets drained in the second biggest Cryptocurrency hack of 2023. Over $114 million in ETH, TRX and other coins was siphoned from Poloniex’s Hot Wallet 4 by the attacker and distributed across multiple accomplice wallets.

The hackers seem to have timed this attack around the recent pump in the market, possibly to try and siphon as much liquidity as possible.

NOTE: If you’re a Poloniex user, the company has confirmed that user funds are 100% safe and have not been affected by the hack but you should probably consider moving your coins to another exchange or preferably a hardware wallet, at least temporarily.

Now let’s dive into this exploit, covering how it was discovered, what vulnerability was exploited, and what the aftermath of the attack is.

How was the Poloniex Hack Detected?

Around 10:55 UTC security firms, PeckShield and Cyvers flagged a potential exploit on Poloniex’s hot wallets. PeckShield published a relatively unassuming tweet, linking to one of the compromised wallets.