Topic: Poloniex account hacked and all monies traded away,TICKET NUMBER #271818 - page 2. (Read 6607 times)

thank-you very much! i shall report this now

I do not think poloniex can do anything for you....

Well chase them up. Here is some info about the UK's cyber crime unit:

http://www.nationalcrimeagency.gov.uk/about-us/what-we-do/national-cyber-crime-unit

P.S. To report a cyber crime, go to

http://www.actionfraud.police.uk/

Many thanks mate as this was my point of the original post not to say this and that but to help, as I said earlier 2FA is not mandatory and this may exactly be the same person who has robbed me. Makes me wonder if poloniex has done anything to stop this sort of attack. I suspect they have not even looked at my case where I sent them all the evidence to block the thief's account to recover my funds, what a shame

The exact same thing happen to me yesterday. Around 5000 EUR was drained out of my account.
First everything was transferred to BTC->XMR and afterwards traded on pairs with almost no liquidity.

I was completely sure my account was secure. Still have no idea how someone could access my password.

It doesn't help that Poloniex requires you to click a link in an email to withdraw. This gives you a false sense of security.
I was considering this to be my 2FA and never taught about this attack vector with low liquidity pairs.

I'm sure many more people fall victim to this attack that are not posting here. It's also a bit discouraging that Poloniex doesn't show even a bit of interest in fixing or informing users that this can happen. There are many simple things that they could do, just requiring an email confirmation when you first time trade something "strange". They have insight into the whole system, fraud detection should be one of their priorities. This looks like the most common attack right now.

I was lucky as I will survive without this money, but many others could have their lives destroyed. It's also sad to see the community react in such a victim blaming way. Saying, you should have done this or you should have done that. Why are you not as smart as me? Don't keep your money on an exchange!

This is not really helping anyone. We are all humans. Sometimes we forget to set up something (I should definitely change the brake-fluid in my car) or make mistakes. Why don't we work together to try to fix problems and save others? It's not someones fault to assume he is not going to get robbed.

Cool lets PM,
Anyone else in the region been a victim, the more the merrier, we could all join hands to start the legal proceedings

Cool lets PM,
Anyone else in the region been a victim, the more the merrier, we could all join hands to start the legal proceedings

Okay thats great! we should be able to set something legal up, i am based in Hampshire a few hours away

Yes, I am based in the UK as well, based in London, which city are you located in?

hello, i always double check the url before signing in and i have poloniex bookmarked so i only ever access it by this means to make sure i never go on a fishing site, i just want a reply or statement from polo i don't think its to much to ask for if I'm honest

i am from the U.K if you're also from U.K, i would defiantly be interested in starting legal action with you, i have also lost a lot due to this and its set me back a bit.

I did report it to police straight away, though police has done nothing yet, I do not think police even understands the complexity of the issue

You need to report it to the police (you should have done this straight way).

They are the only ones able to compel Polo to release the details of the person who traded against you, and to pursue the other trader for the funds (and try them in court). It's no good suing Polo - they can prove you didn't have 2fa, and therefore they are not liable (especially as the terms and conditions when you signed up probably say something to the effect thay you are responsible for making sure your passwords are not stolen.

I am sorry for your lost guys

I can remember there was a phishing website 2 or 3 months ago which was looking exactly the same as the official polo site but with ending .ru... Did you guys use that website in the past?

Do you think we should start a legal action? I have lost a lot because of this

That is lots of money to keep in exchange without 2fa. Why did you keep your money in exchange anyway? It's not wallet, coins are not yours when they are in it.
I don't see any other thing to do than what Kevin said you to do indirectly.

its beyond a joke. I've just updated my ticket to tell them my password was one of a kind, never used anywhere else, i never give my password to anyone, don't write it down anywhere, and Is used on a secure devise. if they was to actually bother they could freeze his/her account and recover the funds, they just can't be bothered. i still think these exchanges should insure everyones funds for such things, i would happily pay a monthly fee if they did such thing.

Thats true, I sent them a screen shot of trading graph and exact time of the attack, on the very illiquid pair. They still have not investigated this from the looks of it! totally outrageous

thats completely and utterly bulls"it, they have the power to freeze any account they like and they can easily track down who's account was doing this and freeze it, it seems to me they don't care about what this hacker is doing.

My chain of communication with Poloniex

-----------------------------------------------------------------------------------------------
Hi xxxx,

I am very sorry that this has happened to you, however we have not had any breach of security on our side and this incident is specific to your individual account.  We can not be held responsible for any breach where the attacker has used your login details to gain access to your account.
 
Your greatest risk is an account breach due to your login credentials being stolen through phishing or social engineering, which is most likely the case here. This is why it is so important to have 2FA enabled on your account. Also critical: the email address the account is registered under needs to be carefully protected as well, including a unique password and 2FA. Ideally, these accounts should be accessed either from a dedicated computer or a computer that is used for as little else as possible. Any sort of remote access software, such as Team Viewer or VNC, should be completely removed.
 
It is not possible to reverse trades and if the funds have already since left our system/been withdrawn then unfortunately they will be gone forever due to the nature of blockchain technology.

Our compliance team are investigating this particular matter however and if it surfaces that we can recover any or all of your funds then we would indeed inform you of this in due course.

Thank you for understanding.


Best regards,

Kevin
Poloniex Support

Ticket: https://poloniex.freshdesk.com/helpdesk/tickets/271818


B
xxxx, said 4 days ago
Thanks Kevin,

Please let me know how long will it take for your compliance team to investigate this particular matter. Also please send me the evidence of who traded against me (the thief) and the evidence if the funds have since left the system. And if the funds have not left the exchange have you made any effort to block the thief's account and recover my funds. I would need all that information in the legal proceedings to follow. 

I did not have any security breach at my end and all my passwords Were secure. At the end of the day I have been a victim of a crime and exchange should do all it can to recover funds.

Thanks,

xxx
K
Kevin, said 4 days ago
Hi xxx,

First of all, your account details were not leaked by us. We have never had any data breach on our system. This has arisen from the attacker knowing your login details, most likely due to phishing or social engineering, or possibly even something so simple as a malicious browser extension.

With regards to your request, unfortunately we cannot disclose details of an account to a 3rd party without a subpoena from law enforcement.


Best regards,

Kevin
Poloniex Support