Pages:
Author

Topic: My poloniex account got hacked. Check yours (Read 2133 times)

sr. member
Activity: 364
Merit: 250
Owner of Poloniex
March 02, 2014, 06:40:55 PM
#23
I just saw this thread.

First of all, I really can't think of a way someone could possibly confirm withdrawals without email access. However, people who still aren't using 2FA should realize that someone with access to your account doesn't even need to withdraw to steal your money. There are some thinly traded markets on Poloniex--all they would have to do is use your funds to buy up an order book and fill some absurd order like 1 IFC for 1 LTC.

This is why there is 2FA. It really is important. All an exchange can do is offer you the option to be secure--it's up to you to use those options.
hero member
Activity: 560
Merit: 504
I know the voices in my head aren't real.
this same thing happened on BTC-E a few months ago and no one could figure it out. im still not sure if anyone actually found out what happened. it seemed like it happened from the server end but BTC-E never admitted anything. they bypassed 2FA and confirmation emails and made withdrawls, which BTC-E said could not happen.
legendary
Activity: 1134
Merit: 1002
Actually the hacker, first hacked my email and then sent forgot my password to all the exchanges I trade with.

Once he got the password reset, he basically sold all my altcoins to BTC and then transferred them to his wallet.

He also deleted all the email confirmations from the mail inbox.
I actually noticed the unable to login with poloniex couple of times, but since poloniex was wobbly at that time, i thought it was a server issue.

Altogether I lost around 6LTC and 0.06BTC

Thanks.

sad to hear that Sad
sr. member
Activity: 364
Merit: 250
dinkimole nokkalle...
Actually the hacker, first hacked my email and then sent forgot my password to all the exchanges I trade with.

Once he got the password reset, he basically sold all my altcoins to BTC and then transferred them to his wallet.

He also deleted all the email confirmations from the mail inbox.
I actually noticed the unable to login with poloniex couple of times, but since poloniex was wobbly at that time, i thought it was a server issue.

Altogether I lost around 6LTC and 0.06BTC

Thanks.
legendary
Activity: 1134
Merit: 1002
How much have you lost?
hero member
Activity: 532
Merit: 500
next time don't manually type your password, use the "remember me" from google, or just scan with malwarebyte, it destroy every trojan or keylogger

I use AntiLogger, which encrypts keystrokes.
legendary
Activity: 3248
Merit: 1070
next time don't manually type your password, use the "remember me" from google, or just scan with malwarebyte, it destroy every trojan or keylogger

No, most keyloggers or rats have stored password list, so if that's the case they can get it easier from that method..

didn't know about that
newbie
Activity: 12
Merit: 0
next time don't manually type your password, use the "remember me" from google, or just scan with malwarebyte, it destroy every trojan or keylogger

No, most keyloggers or rats have stored password list, so if that's the case they can get it easier from that method..
sr. member
Activity: 295
Merit: 250
I've got 2FA enabled, but when I login I currently don't get asked to enter the code - the email/password form just redirects to itself. Pretty sure password is OK as pasting it from a password manager.

+1 to only keeping long term things in your own wallet.
legendary
Activity: 3248
Merit: 1070
next time don't manually type your password, use the "remember me" from google, or just scan with malwarebyte, it destroy every trojan or keylogger
newbie
Activity: 42
Merit: 0
Did you have 2 factor authenticiation enabled?
hero member
Activity: 532
Merit: 500
I think it should be made very clear that this was a PC vulnerability, not an exchange vulnerability.

The exchange didn't get hacked. Your computer did. Unless you had a very easy to guess/bruteforce password.
legendary
Activity: 924
Merit: 1000
And Poloniex goes down...Hmm...
hero member
Activity: 826
Merit: 1001
@Bit_John
He still should have received the email confirmation.

He Likely did get the email typically these start with user getting malware (keylogger) Gets into exchange gets into email. Hacker comes along now has login info sells it off withdraws deletes the confirm emails immediately so they don't get tipped off. IF you ask your mail provider they can likely verify they got the email and that it has been deleted.

So only way to prevent this is Strong 2FA recommend every use it and different passwords login info on all sites.
member
Activity: 114
Merit: 10
same thing happened to me, see my thread:
https://bitcointalk.org/index.php?topic=495565.new#new

but now I know what happened, poloniex is being DDOS'ed, as well as cryptorush.io
I had the same robberies happen at both places. They are DDOS'ing the sites, taking the login info, and, for me, stupidly, I used the same login info for my email as my login there. So they logged into my email to confirm the withdrawls.

Now I have 2 way authentication and different passwords, I HIGHLY RECOMMEND EVERYONE DO THIS RIGHT NOW IF YOU HAVENT ALREADY
sr. member
Activity: 539
Merit: 250
trojan wallet stealer?
newbie
Activity: 12
Merit: 0
How much did you lose? And the hacker may have removed the emails afterwards, so you wouldn't know right?
full member
Activity: 196
Merit: 100
★Bitvest.io★ Play Plinko or Invest!
If you are keeping coins on an exchange, you need to have 2FA set up.  

^^  THIS  ^^

If you don't you're begging people to steal from you.

You shouldn't "keep" them on an exchange though.  Only put coins on an exchange that you intend on trading in a reasonably short period of time.  You don't want to get Goxxed if/when the exchange tanks.
sr. member
Activity: 380
Merit: 250
He still should have received the email confirmation.
hero member
Activity: 1792
Merit: 507
Keylogger?
Pages:
Jump to: