In a significant security breach, Poloniex, the cryptocurrency exchange owned by Tron founder Justin Sun, experienced a loss of more than $126 million in various crypto assets. The breach was initially detected by blockchain security firm Peckshield, with subsequent investigations revealing a series of transfers from Poloniex’s “Poloniex 4” wallet to a hacker’s wallet.
The compromised assets included Ethereum (ETH), TRON, stablecoins such as USDT and TUSD, and popular meme coins like PEPE, FLOKI, and SHIB. Not limited to the Ethereum blockchain, additional data compiled by Arkham Intelligence disclosed that the attack extended to over 288 million TRX and 865 Bitcoin.
Analyzing the hacker’s activity, funds were routed to a second wallet before being exchanged primarily for USDC using MetaMask’s swapping feature. However, an intriguing misstep occurred when the hacker accidentally sent $2.5 million in stolen Golem tokens (GLM) to the token contract instead of the intended secondary addresses, rendering the sum irretrievable.
Poloniex’s initial response came through a tweet from its customer support account, stating that the wallet had been disabled for maintenance, promising updates upon re-enabling. Subsequently, Tron founder Justin Sun confirmed the hack through a tweet, emphasizing ongoing investigations and assuring users of the exchange’s robust financial standing.
Sun expressed commitment to reimburse affected funds and revealed collaboration with other exchanges to expedite the recovery process. The incident highlights the persistent challenges facing crypto exchanges in securing user assets and underscores the collaborative efforts required within the industry to address such breaches.