PUBLIC SERVICE ANNOUNCEMENT:
Everybody should exercise caution when doing withdrawals from Poloniex. Be sure you have email verification turned on, and that you carefully review the withdrawal address in the email before you confirm it. Saturday night I logged into Poloniex using my Galaxy S7 phone and copied/pasted my withdrawal address from my withdrawal history. Everything worked perfectly. About 45 minutes later, I went to withdraw again, and used the same procedure (copy/paste my address from the withdrawal history section). This time I didn't read the withdrawal confirmation email very carefully, and just clicked the link to authorize the withdrawal. The following morning I did another withdrawal from my phone, again copy/pasting the withdrawal address.
Well, the first and third withdrawals went fine. But the second withdrawal was sent to the wrong address: XiYy9fpSTwd35jsri6K2UetYtbJdt1APfh (not the "d8k" address I had pasted into the withdrawal box). When I created a ticket with Poloniex, I received an email back saying that I probably was infected with malware and there's nothing they can do. I emailed them back and requested an investigation, but haven't heard back yet.
Consider the following:
a) Malwarebytes and Norton both say my phone is clean, so if I do have malware on my phone it is evading detection.
b) I've done a number of withdrawals on my phone, including one before and one after this, and no other withdrawals have been tampered with. Do I have some form of malware that only works part of the time? Also, the withdrawals before and after were both twice the size of my "hacked" withdrawal.
These facts make me and some others in slack believe that it may have been an inside job by somebody who works for Poloniex. I'm not saying that Poloniex is doing anything wrong, but there may be a bad employee who is stealing from customers. I've asked Poloniex to do an actual investigation instead of just saying "we're sorry you were hacked" but so far I have not received a reply.
tl;dr BE VERY CAREFUL WITHDRAWING FUNDS FROM POLONIEX.You will get an email confirmation like the one below. I was stupid and didn't double check the address. ALWAYS DOUBLE CHECK THE ADDRESS.
A request to withdraw 116.31000000 DASH from your Poloniex account to address XiYy9fpSTwd35jsri6K2UetYtbJdt1APfh was just made.
To confirm the withdrawal, please click the following link:
https://poloniex.com/confirmWithdrawal?h=592abf5b6d884d35c6ce153295261873If you did not request this withdrawal, please contact Poloniex support immediately at poloniex.freshdesk.com.
Let me reiterate that I'm not accusing Poloniex of any wrongdoing at all. I'm simply encouraging everyone to carefully use the tools that Poloniex gives you in order to make sure this doesn't happen to you. I 100% accept that this was my fault for not carefully reading the withdrawal email.
To be clear, I don't intend to imply that there is a dishonest employee working at Poloniex, per se. I'm merely suggesting that something really weird happened and that is ONE of the possible causes. I'm pretty sure that Shapeshift.io thought none of their employees would ever steal either--until one did. All I'm asking them for is an investigation.
The reason I posted here was simple: to remind everyone to use the tools Poloniex gives you to ensure your withdrawals go through safely.
EDIT: The Poloniex customer service person on reddit sent me a very nice note and let me know they are looking doing a full investigation. Thanks Mike!
i buy this coin from 2014 
