if the memory does not fail me, when I used poloniex, whenever I made a withdrawal, poloniex would send an email to my email and in that email that poloniex sent me had the link that allowed me to accept the withdrawal (it was a link confirmation of withdrawal). now they do not have this? and if they have, how could you be stolen?
The money wasn't exactly "stolen." You can't use the withdrawal system through the API. Hackers probably used his account (and others) to pump altcoins they were already holding. The hackers could sell their altcoins at inflated prices, then withdraw bitcoins through their accounts.
There was a large scale attack of this kind on Binance last year. The hackers pumped the Viacoin market in an attempt to withdraw:
Quote
Yesterday, within the aforementioned 2 minute period, the hackers used the API keys, placed a large number of market buys on the VIA/BTC market, pushing the price high, while 31 pre-deposited accounts were there selling VIA at the top. The hackers managed to create a pump for Viacoin where the price increased from approximately 0.0002532 till 0.025 (10,000% increase). This was an attempt to move the BTC from the phished accounts to the 31 accounts. Withdrawal requests were then attempted from these accounts immediately afterwards.
Those who had their accounts phished experienced losses because their bitcoins were used to buy VIA at inflated prices. When the market returned to normal, that VIA was worth very little.
