Topic: Poloniex verification my account is locked. Now found my coins have been stolen. (Read 1267 times)

hi yefi. even if i had frozen my account at the point i spoke to you. it wouldnt have made any difference.but thank you for your help a few days ago.  the money had already been taken at that point. i spoke to you the day after the money was stolen. its just sickening that someone can just steal your coins so easily. but one things for sure now that i know about 2fa i will make absolutely sure that any future coins are as secure as possible. i had only been on poloniex about three days at that point. had never heard of 2fa as i had never before had any need to use it. when i tried to sign in with my mobile phone after the battery had died on my ipad. that was when i had a problem getting back in. i just assumed that i had not recieved a text that polo had sent to my mobile phone. thats what i initially thought 2fa was. as previously with coinbase they would have sent a text.
i did run a virus scan on both my phone and my ipad. and no viruses where found on either device.

I maybe should have advised you to freeze your account, because I had a suspicion you'd been hacked.


With 2FA enabled, you can disable email verification for withdrawals. You should have received emails confirming this behaviour however. Most probably the attacker has simply deleted all incriminating communications from your email. He most likely knows your password, so you want to change that to something secure and unguessable asap. Also, make sure to use a reputable email service like gmail, not any small-time operation.

Yah, still waiting this morning too.  

If it's an exit scam,  then I have absolutely nothing but bad luck, and fate has it out for me.

exit scam

You're still waiting Tante??  Bloody hell 

I feel for you.  I made a btc withdrawal to coinbase on the 22nd and they immediately put me in the "awaiting approval" line.  It's the biggest withdrawl I've ever requested, though not much by normal people's standards, and well below my tier 1 status, which I never felt the need to change.  I've sent them a picture of myself with the newspaper and my driver's license so they can see it's really me, but I have yet to hear from them. 

58 hours and counting

Would love to hear from anyone who has successfully withdrawn lately, especially after being flagged?  Thanks!

yes i think something is wrong. it is definately very dodgy whats happened to me. what with everyones withdrawals getting stuck. yet my withdrawal that was apparently made from the outside was allowed to go through. seams like everyones having a problem of one sort or another.

I received an automatic response stating that the withdrawal aproval is a security measure... but i didnt get a response for a security agent on there behalfe.. Its a small ammount. I´m more concern with the rest of what i have trading on polo...

idk but something is going on, i just changed my password and got a response in email about my verification center

I have a BTC withdrawal since 21/7 at 10 o´clock. No response from support. Is this an exit scam on polo? Hope not, but something smells very fishy!!
Is there any other channel to talk to them besides support?

be careful I don't know what going on but my withdrawal been stuck for a while now



Awaiting Approval   LTC   14.27407411
2017-07-21 13:56:58
Address: LaSFzjL8FwBka95GLC41XrvaLYJxH9ibcq

Something is definitely not right. Think about it. With all these withdrawals not being approved. I know that the withdrawal was taken after I spoke to an agent. Yet still a withdrawal was able to be made. Things just don't add up. X

my LTC. has been awaiting approval since 7/21/17 contact support they read no respond what is going on over there exit scam?I hope not

I doubt I will get it back. Just can't believe they didn't lock the account and prevent the hacker from trying to make the withdrawal. I know one thing. I can't trust poloniex. Will use bittrex from now on. X

I had the same issue with 2FA (stolen phone and no backup). They locked my account at verification phase, but in the end all went well. Although it took several days at the end i got my account back, untouched. Hope in the end it goes well for you as well.

Well one things for sure I will never trust poloniex again. They could have taken steps to protect my account but they didn't. There would have been no doubt in there minds when I made the first contact that it was definitely me. As I was able to tell them exact amounts of three deposits I had made. What coins they where and on what dates. But one things for sure I now know that polo cannot be trusted. I had made a trade just moments before my iPad battery died. And had messaged them within minutes.

I'm sorry, but your money's gone, Polo is a piece of crap I think there is no way you can get it back and no one here can help you.
take it as a lesson learned and move on

The reason I did not know was that I am completely new to cryptocurrency. I had never heard of 2fa until I was asked for my 2fa code.when I logged into poloniex. This was my first time logging in and being asked for 2fa.  I had only been with them about three or four days at that point. So I was just finding my feet.  I had switched from my iPad to my mobile phone. I had assumed that I must have done it by mistake and not saved any seeds. I have just enabled 2fa on my account. So if you have never done it before. And you don't know it exists. Then you would not know before hand what it is and what it should look like. It was only after some research that I knew what it was. But as I had just switched to my mobile When I discovered there was a problem. My iPad has a weak battery so when I plug it in it still drains slowely whilst and needs to be left for an extended time to recharge. So until it's been left long enough plugged in it can't be used.
When I first contacted support they answered quickly and asked me for details of my last three deposits. And withdrawals. I told them that I have never made any withdrawals and gave him details of all deposits.
He did not offer any other advice and totally ignored me after that. I heard no more from them. The withdrawal was made after I had my first contact with him. No email verification message to alert me of a withdrawal. They gave no advice at all just ignored me after for almost a week.
I actually thought that 2fa was where they send you a text message to your Mobile  phone. With a code. I also stated that in my first contact message to them. As that is what coinbase do. I actually said to them that I hadn't recieved any texts. I also gave them my phone number and asked them to resend it.coinbase send you a text with a code. I know that was naive. But poloniex knew that was what I thought it was and still did not put I. Steps to protect my coins. They would have known it was genuinely me or I would not have been able to give them exact amounts of my deposits.
They did not offer any advice. I had contacted them in time. They could have advised me to freeze my account or frozen it themselves. But they just ignored me after. They knew I was new to crypto. As that was also stated in the message.

I'm not here to defend Poloniex but just think a bit about what happened first.

First, how can you not know if you activated 2FA or not? First you said:
p.s: can't you just charge your IPad?

And now this:

I believe that the step by step to activate the 2FA on your account is pretty self explanatory. You must click on the big "Enable 2FA" button and check the "I have backed up my 16-digit key" checkbox.

Now imagine if you really activated 2FA and someone sends a email to Poloniex pretending to be you and asking them to desactivate your 2FA. Would you be happy with them just disabling it and letting anyone log in immediately and withdraw your coins?

It sounds like you need to run some virus scans on your computer.  If you can, move any coins on your computer or other devices to offline storage.  I'd also ask Polo for any information they can give you on the withdrawals, IP addresses etc.  But if somebody gained access to your account the attack vector is probably still there.  I recommend installing Google Authenticator or Authy on your phone and securing all your online accounts with 2FA as quickly as possible, following the instructions within the app to back up your data so you don't risk locking yourself out.  Unfortunately, Poloniex are unlikely to accept any responsibility for breaches on accounts that aren't secured by 2FA or where they can argue that the attack vector is on the customer side, which they usually will.

And virus-check everything.

Edit: from Polo's reply your email account is compromised as well, so be sure to change your password and take any other steps to secure it.