Pages:
Author

Topic: Poloniex account hacked and all monies traded away,TICKET NUMBER #271818 (Read 6607 times)

hero member
Activity: 960
Merit: 514
OP?

Do you have API? Do you have 2FA? Do you think the hacker uses program or trade manually?
hero member
Activity: 960
Merit: 514
is this only happening in poloniex?
hero member
Activity: 960
Merit: 514
hero member
Activity: 960
Merit: 514
https://bitcointalksearch.org/topic/m.45981914

I just want to tell that I have the exact same problem.

The difference is the hacker uses trading API.

I want to know if there are other similar cases ANYWHERE

Why is this not on the news?

The hacker do NOT withdraw.

They just deliberately create losing trades.

Poloniex froze my account. I wonder if they managed to do so BEFORE the hacker withdraw the fund.

I hope they are cooperative enough and disclose all info they can about the hacker.

I still do not know how the hacker knows my API key and secret.
newbie
Activity: 238
Merit: 0
all the problems here seem serious and can not answer at all. I suggest you all better find out telegram contact so you can directly ask directly what is really happening. hopefully people who have lost assets can quickly return or get answers.
legendary
Activity: 3836
Merit: 4969
Doomed to see the future and unable to prevent it
full member
Activity: 154
Merit: 100
Not sure how true it was, but there was an exploit that was being sold to bypass F2A, but I'm not sure that it was getting into the account or just being able to withdraw without it.

It does seem suspicious, but I guess we'll have to wait and see what happens.  I've moved all my coins off the exchange.
newbie
Activity: 3
Merit: 0
Hi,

I also had a security breach even haven 2F activate, I posted a ticket, and since 12 days I haven't received any answer yet...
newbie
Activity: 29
Merit: 0
Thank you for getting in touch and please accept my apologies for the delay with this update.

I am very sorry but your account was compromised through your login credentials and the attacker traded on other markets with your funds. Unfortunately as you did not have 2FA enabled, these credentials were all the attacker required to be able to access your account.

We would like you to know that we are still investigating this very complex issue and there is a remote possibility that some of the stolen funds can be recovered.
 
We will do our best however there is no guarantee that this will be successful.
 
I am sorry again to hear that this unfortunate situation has occurred, however we would also like to advise you to please be very careful in the future with your operational security. Never use the same password on different sites, keep your email account and Poloniex account secured with 2FA and do not download any software to the computer you are handling your trading accounts with unless you are ABSOLUTELY sure it is safe.


Sincerely,
Poloniex Support Team

Ticket: https://poloniex.freshdesk.com/helpdesk/tickets/298363

this is what i got in reply from poloniex after 40 days.   My account is hacked almost in similar way,others have mentioned. going through the google searches , i found that these kind of "hack & unauthorized trades"
 happened in almost all of the cases between may to july end. now there is no reporting of cases like this . neither there was any before may. i seriously doubt it's an organized hack with the involvement of some insider


Did they manage to recover any of the funds for you? they have stopped responding to me!
newbie
Activity: 4
Merit: 0
Does anyone know the contact details for Poloniex, I have involved the law enforcement agency in the UK and they are having trouble finding their contact details!

Easy to find with google:

Poloniex, LLC
1013 Centre Road
Suite 403-B
Wilmington, DE 19801

Founder is Mr Tristan D'agosta

Thanks mate,

is there an email address for them for the Action Fraud to contact them?

From their official twitter account : [email protected]



[email protected]
14:42 (26 minutes ago)

to me
NOTICE:

This address is no longer monitored and you will not receive a response.

To contact Poloniex please visit: https://poloniex.com/contact
newbie
Activity: 4
Merit: 0
Thank you for getting in touch and please accept my apologies for the delay with this update.

I am very sorry but your account was compromised through your login credentials and the attacker traded on other markets with your funds. Unfortunately as you did not have 2FA enabled, these credentials were all the attacker required to be able to access your account.

We would like you to know that we are still investigating this very complex issue and there is a remote possibility that some of the stolen funds can be recovered.
 
We will do our best however there is no guarantee that this will be successful.
 
I am sorry again to hear that this unfortunate situation has occurred, however we would also like to advise you to please be very careful in the future with your operational security. Never use the same password on different sites, keep your email account and Poloniex account secured with 2FA and do not download any software to the computer you are handling your trading accounts with unless you are ABSOLUTELY sure it is safe.


Sincerely,
Poloniex Support Team

Ticket: https://poloniex.freshdesk.com/helpdesk/tickets/298363

this is what i got in reply from poloniex after 40 days.   My account is hacked almost in similar way,others have mentioned. going through the google searches , i found that these kind of "hack & unauthorized trades"
 happened in almost all of the cases between may to july end. now there is no reporting of cases like this . neither there was any before may. i seriously doubt it's an organized hack with the involvement of some insider
hero member
Activity: 487
Merit: 500
Does anyone know the contact details for Poloniex, I have involved the law enforcement agency in the UK and they are having trouble finding their contact details!

Easy to find with google:

Poloniex, LLC
1013 Centre Road
Suite 403-B
Wilmington, DE 19801

Founder is Mr Tristan D'agosta

Thanks mate,

is there an email address for them for the Action Fraud to contact them?

From their official twitter account : [email protected]


newbie
Activity: 29
Merit: 0
Does anyone know the contact details for Poloniex, I have involved the law enforcement agency in the UK and they are having trouble finding their contact details!

Easy to find with google:

Poloniex, LLC
1013 Centre Road
Suite 403-B
Wilmington, DE 19801

Founder is Mr Tristan D'agosta

Thanks mate,

is there an email address for them for the Action Fraud to contact them?
hero member
Activity: 487
Merit: 500
Does anyone know the contact details for Poloniex, I have involved the law enforcement agency in the UK and they are having trouble finding their contact details!

Easy to find with google:

Poloniex, LLC
1013 Centre Road
Suite 403-B
Wilmington, DE 19801

Founder is Mr Tristan D'agosta
newbie
Activity: 29
Merit: 0
Does anyone know the contact details for Poloniex, I have involved the law enforcement agency in the UK and they are having trouble finding their contact details!
sr. member
Activity: 700
Merit: 250
I do not intend to shock you but this is too much of a loss.

You have some blames though because poloniex use to send you an email with the login details including the ip address of the location that they login in from, you either not checking your email or poloniex account frequently.

This also happened to me but a little bit different, the hacker login into my account and sold off my altcoins to btc then moved my btc into the loan section whereby the funds no longer appear for trading but i can view it in my balance; i then reverse everything and change my password.

Lawsuit against poloniex might be a better option but you need to read their TOS first in order not to be blamed at the end of the judgement.

I am really sorry for your loss but take heart and dont get depressed because you can make more than that if you help yourself to stay alive.
newbie
Activity: 29
Merit: 0
My chain of communication with Poloniex

-----------------------------------------------------------------------------------------------
Hi xxxx,

I am very sorry that this has happened to you, however we have not had any breach of security on our side and this incident is specific to your individual account.  We can not be held responsible for any breach where the attacker has used your login details to gain access to your account.
 
Your greatest risk is an account breach due to your login credentials being stolen through phishing or social engineering, which is most likely the case here. This is why it is so important to have 2FA enabled on your account. Also critical: the email address the account is registered under needs to be carefully protected as well, including a unique password and 2FA. Ideally, these accounts should be accessed either from a dedicated computer or a computer that is used for as little else as possible. Any sort of remote access software, such as Team Viewer or VNC, should be completely removed.
 
It is not possible to reverse trades and if the funds have already since left our system/been withdrawn then unfortunately they will be gone forever due to the nature of blockchain technology.

Our compliance team are investigating this particular matter however and if it surfaces that we can recover any or all of your funds then we would indeed inform you of this in due course.

Thank you for understanding.


Best regards,

Kevin
Poloniex Support

Ticket: https://poloniex.freshdesk.com/helpdesk/tickets/271818


B
xxxx, said 4 days ago
Thanks Kevin,

Please let me know how long will it take for your compliance team to investigate this particular matter. Also please send me the evidence of who traded against me (the thief) and the evidence if the funds have since left the system. And if the funds have not left the exchange have you made any effort to block the thief's account and recover my funds. I would need all that information in the legal proceedings to follow. 

I did not have any security breach at my end and all my passwords Were secure. At the end of the day I have been a victim of a crime and exchange should do all it can to recover funds.

Thanks,

xxx
K
Kevin, said 4 days ago
Hi xxx,

First of all, your account details were not leaked by us. We have never had any data breach on our system. This has arisen from the attacker knowing your login details, most likely due to phishing or social engineering, or possibly even something so simple as a malicious browser extension.

With regards to your request, unfortunately we cannot disclose details of an account to a 3rd party without a subpoena from law enforcement.


Best regards,

Kevin
Poloniex Support



thats completely and utterly bulls"it, they have the power to freeze any account they like and they can easily track down who's account was doing this and freeze it, it seems to me they don't care about what this hacker is doing.

Thats true, I sent them a screen shot of trading graph and exact time of the attack, on the very illiquid pair. They still have not investigated this from the looks of it! totally outrageous





its beyond a joke. I've just updated my ticket to tell them my password was one of a kind, never used anywhere else, i never give my password to anyone, don't write it down anywhere, and Is used on a secure devise. if they was to actually bother they could freeze his/her account and recover the funds, they just can't be bothered. i still think these exchanges should insure everyones funds for such things, i would happily pay a monthly fee if they did such thing.

Do you think we should start a legal action? I have lost a lot because of this

i am from the U.K if you're also from U.K, i would defiantly be interested in starting legal action with you, i have also lost a lot due to this and its set me back a bit.

Yes, I am based in the UK as well, based in London, which city are you located in?

Okay thats great! we should be able to set something legal up, i am based in Hampshire a few hours away

Cool lets PM,
Anyone else in the region been a victim, the more the merrier, we could all join hands to start the legal proceedings

Any updates?
Maybe some victims from US, can make collective lawsuit in local court against Poloniex?

Indeed, please PM me if you want to join in, I will be starting legal action soon
newbie
Activity: 1
Merit: 0
My chain of communication with Poloniex

-----------------------------------------------------------------------------------------------
Hi xxxx,

I am very sorry that this has happened to you, however we have not had any breach of security on our side and this incident is specific to your individual account.  We can not be held responsible for any breach where the attacker has used your login details to gain access to your account.
 
Your greatest risk is an account breach due to your login credentials being stolen through phishing or social engineering, which is most likely the case here. This is why it is so important to have 2FA enabled on your account. Also critical: the email address the account is registered under needs to be carefully protected as well, including a unique password and 2FA. Ideally, these accounts should be accessed either from a dedicated computer or a computer that is used for as little else as possible. Any sort of remote access software, such as Team Viewer or VNC, should be completely removed.
 
It is not possible to reverse trades and if the funds have already since left our system/been withdrawn then unfortunately they will be gone forever due to the nature of blockchain technology.

Our compliance team are investigating this particular matter however and if it surfaces that we can recover any or all of your funds then we would indeed inform you of this in due course.

Thank you for understanding.


Best regards,

Kevin
Poloniex Support

Ticket: https://poloniex.freshdesk.com/helpdesk/tickets/271818


B
xxxx, said 4 days ago
Thanks Kevin,

Please let me know how long will it take for your compliance team to investigate this particular matter. Also please send me the evidence of who traded against me (the thief) and the evidence if the funds have since left the system. And if the funds have not left the exchange have you made any effort to block the thief's account and recover my funds. I would need all that information in the legal proceedings to follow. 

I did not have any security breach at my end and all my passwords Were secure. At the end of the day I have been a victim of a crime and exchange should do all it can to recover funds.

Thanks,

xxx
K
Kevin, said 4 days ago
Hi xxx,

First of all, your account details were not leaked by us. We have never had any data breach on our system. This has arisen from the attacker knowing your login details, most likely due to phishing or social engineering, or possibly even something so simple as a malicious browser extension.

With regards to your request, unfortunately we cannot disclose details of an account to a 3rd party without a subpoena from law enforcement.


Best regards,

Kevin
Poloniex Support



thats completely and utterly bulls"it, they have the power to freeze any account they like and they can easily track down who's account was doing this and freeze it, it seems to me they don't care about what this hacker is doing.

Thats true, I sent them a screen shot of trading graph and exact time of the attack, on the very illiquid pair. They still have not investigated this from the looks of it! totally outrageous





its beyond a joke. I've just updated my ticket to tell them my password was one of a kind, never used anywhere else, i never give my password to anyone, don't write it down anywhere, and Is used on a secure devise. if they was to actually bother they could freeze his/her account and recover the funds, they just can't be bothered. i still think these exchanges should insure everyones funds for such things, i would happily pay a monthly fee if they did such thing.

Do you think we should start a legal action? I have lost a lot because of this

i am from the U.K if you're also from U.K, i would defiantly be interested in starting legal action with you, i have also lost a lot due to this and its set me back a bit.

Yes, I am based in the UK as well, based in London, which city are you located in?

Okay thats great! we should be able to set something legal up, i am based in Hampshire a few hours away

Cool lets PM,
Anyone else in the region been a victim, the more the merrier, we could all join hands to start the legal proceedings

Any updates?
Maybe some victims from US, can make collective lawsuit in local court against Poloniex?
hero member
Activity: 487
Merit: 500

I did report it to police straight away, though police has done nothing yet, I do not think police even understands the complexity of the issue

Well chase them up. Here is some info about the UK's cyber crime unit:

http://www.nationalcrimeagency.gov.uk/about-us/what-we-do/national-cyber-crime-unit

P.S. To report a cyber crime, go to

http://www.actionfraud.police.uk/

Somebody know who to contact in the Netherlands?
full member
Activity: 210
Merit: 100
the modus operandi does seem honed, i as well as the other poster thought my account would be safe due to the email withdrawal, i never thought they could do such a thing. ive not lost any money as stopped using them a few weeks back, but very sad, as it clear it is a organised gang or someone with either insider knowledge or stolen data.
Pages:
Jump to: