Poloniex account hacked?


cjpsurf

So I got burnt the other day. My Poloniex account was "hacked." 10k in the account but it was never withdrawn. Whoever did this made ~450 transactions for nearly no gain. I suspect the only money that was made was through the transaction fees. (No, I did not have 2FA enabled.) SHM

I have been reading online and it is clear that I am not alone.  The purpose of this post is to get a list of all the other people that this has happened to and see if any action is being taken.  

Edited by tomxcs
edited title to remove caps and unproven assertion

After checking my account over the weekend, this same situation has happened to me, resulting in over $5k lost. No money was withdrawn but over 300 trades were made, all inside an hour and all for a loss. Beware and safeguard your account the best you can.


@cjpsurf @eza4short Can you provide any additional details? It would be helpful for the rest of the community. Whilst this will not assist in the recovery of your lost funds, it may prompt others to make account changes to increase personal security; it will also be helpful to understand if Poloniex has reasonable transaction monitoring in place.

What trades were done on the account? Did they use unusual trade pairs or just BTC, LTC, XRP etc.?

Was the trading activity consistent with your previous account activity, i.e. your standard trades are $250 USD and it has increased to $5k?

Do you recycle the same user credentials across multiple different websites, i.e. Poloniex uses email and password login (they also verify if the account exists by stating "invalid login details")? I recommend checking the website https://haveibeenpwned.com/ or another similar service: enter the email address that you use on Poloniex and verify if this address has been compromised as part of a third-party data breach, i.e. LinkedIn.

One of the common ways "hackers" take over accounts is a method referred to as "credential stuffing". Using this method, credentials that have been compromised via a third-party data breach are essentially loaded into a tool (such as Sentry MBA) and these credentials are targeted towards the website where they are attempting to take over accounts.

For example: LinkedIn's 164m email/password combinations will be directed at website A; if the website returns "invalid username", the "hacker" will know that no account exists with those credentials. Alternatively, the website could return a message such as "invalid password", in which case "the hacker" will use other password variations or, in the worst-case scenario, the hacker will gain entry to the account.

If your details are confirmed to be listed in a data breach, it is worthwhile utilising a password manager. A password manager will set a long unique password for each website (whilst risks are present in using one service to access all passwords, this is safer than using the exact same details on every website or go old school and record your passwords in a notepad). Additionally, always use 2FA when possible.

Sorry to hear about your experience.

On 7/10/2017 at 11:33 PM, eza4short said:

After checking my account over the weekend, this same situation has happened to me, resulting in over $5k lost. No money was withdrawn but over 300 trades were made, all inside an hour and all for a loss. Beware and safeguard your account the best you can.

I'm sure you've created a ticket with customer support (crickets).....Have you done anything else!? I hate to point fingers without any evidence but it seems the only beneficiary of such a move would be the exchange itself with all the transaction fees.


On 7/11/2017 at 0:38 AM, Pointbreak said:

@cjpsurf @eza4short Can you provide any additional details? It would be helpful for the rest of the community. Whilst this will not assist in the recovery of your lost funds, it may prompt others to make account changes to increase personal security; it will also be helpful to understand if Poloniex has reasonable transaction monitoring in place.

What trades were done on the account? Did they use unusual trade pairs or just BTC, LTC, XRP etc.?

Was the trading activity consistent with your previous account activity, i.e. your standard trades are $250 USD and it has increased to $5k?

Do you recycle the same user credentials across multiple different websites, i.e. Poloniex uses email and password login (they also verify if the account exists by stating "invalid login details")? I recommend checking the website https://haveibeenpwned.com/ or another similar service: enter the email address that you use on Poloniex and verify if this address has been compromised as part of a third-party data breach, i.e. LinkedIn.

One of the common ways "hackers" take over accounts is a method referred to as "credential stuffing". Using this method, credentials that have been compromised via a third-party data breach are essentially loaded into a tool (such as Sentry MBA) and these credentials are targeted towards the website where they are attempting to take over accounts.

For example: LinkedIn's 164m email/password combinations will be directed at website A; if the website returns "invalid username", the "hacker" will know that no account exists with those credentials. Alternatively, the website could return a message such as "invalid password", in which case "the hacker" will use other password variations or, in the worst-case scenario, the hacker will gain entry to the account.

If your details are confirmed to be listed in a data breach, it is worthwhile utilising a password manager. A password manager will set a long unique password for each website (whilst risks are present in using one service to access all passwords, this is safer than using the exact same details on every website or go old school and record your passwords in a notepad). Additionally, always use 2FA when possible.

Sorry to hear about your experience.

Thank you for all the helpful advice. To answer some of your questions, firstly I'm more of a hoarder type......I don't day trade much so I think it would have raised some huge red flags when 450 transactions occurred in ~40 minutes on an account that hasn't made 25 transactions over the life of the account. The trades that occurred were buy high sell low type transactions......They first converted to BTC...then NXT, XMR, then to BCN. My account funds were depleted by transaction fees. I did not have 2FA and I do now. Honestly one can make the argument that they could have manipulated the market with low volume (BCN) and sat on their account to profit but that doesn't seem lucrative at all to me, although looking at the BCN chart it did some weird things in the given time frame. Again I can't stress enough that my funds were depleted by transaction fees and the fee profits go to the exchange. I created a support ticket but have not been contacted minus the generic bot response.

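An added example, not from the thread or from Poloniex: the kind of transaction-monitoring rule asked about earlier in the thread, applied to a constructed trade history shaped like the one just described (fewer than 25 lifetime trades, then 450 in about 40 minutes). The rule, its floor value and every timestamp are assumptions made for illustration.

```python
from datetime import datetime, timedelta

def constructed_history():
    """Constructed trade timestamps for one account: 24 trades spread over months,
    then 450 trades five seconds apart (about 40 minutes) on 8 July 2017."""
    old = [datetime(2016, 11, 1, 9, 0) + timedelta(days=10 * i) for i in range(24)]
    burst = [datetime(2017, 7, 8, 12, 0) + timedelta(seconds=5 * i) for i in range(450)]
    return old + burst

def first_burst_alert(trade_times, window=timedelta(minutes=40), floor=10):
    """Return (time, trades_in_window, prior_lifetime_trades) for the first trade at
    which the trailing window holds more trades than the account made in its whole
    life before that window, or None. `floor` suppresses alerts on tiny counts."""
    times = sorted(trade_times)
    start = 0
    for end, ts in enumerate(times):
        # Slide the window start forward so it spans at most `window`.
        while ts - times[start] > window:
            start += 1
        in_window = end - start + 1
        prior = start  # trades that happened before the current window opened
        if in_window >= floor and in_window > prior:
            return ts, in_window, prior
    return None

def trades_after_alert(trade_times, alert_time):
    """Trades that would still execute if nothing paused the account at the alert."""
    return sum(1 for ts in trade_times if ts > alert_time)

if __name__ == "__main__":
    history = constructed_history()
    when, in_window, prior = first_burst_alert(history)
    print(f"alert at {when}: {in_window} trades in window vs {prior} lifetime")
    print(f"trades after the alert: {trades_after_alert(history, when)}")
```

On this constructed data the rule fires two minutes into the burst, with most of the 450 trades still to come, which is the window in which a pause or step-up verification would have limited the loss.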

9 minutes ago, creddit_ecksarepee said:

20 zerps says OP is the same guy as the other guy 'confirming' it happened to him too.

What is his plan of action do you know?  Is there any recourse?


Doesn't happen to the smarter guys. There are several posts here that quite thoroughly explain the dangers of storing in an exchange instead of in your private cold wallet. So even if he is telling the truth, he took the risk and got what he got.

Now let's take another point of view.... @cjpsurf how about providing some factual data to back ya up. Send the addresses to this community and let them see for themselves. Why don't you also go ahead and get us a certified copy of the acknowledgment from Polo or anywhere else that verifies yes you were hacked. And if you have none of that, then take your mess to reddit or facebook instead.


Actually, XRPChat devs likely have both of these members' IP addresses. Perhaps one of them used a Tor net to sign up but usually not, just because they are lazy. If both are the same IP then let's help this guy move on. If not then maybe that will add a minute level of a story that thus far has provided no facts.


14 minutes ago, creddit_ecksarepee said:

20 zerps says OP is the same guy as the other guy 'confirming' it happened to him too.

???? Why would you say that?? You know, after I got "hacked" I got online and started researching if it had happened to anyone else. I'll save you the surprise..... In short it did. And on some of the forums that they posted their "hack experience" on, there were certain replies to the original thread that I couldn't help but think that the replies came from employees of the exchange. They were so heated and emotional and I thought why would anybody be so emotional on something that didn't happen to them, let alone reply to it or google search it to begin with. I mean if I don't have a dog I'm not going to go to the supermarket and waste my time figuring out which is the best dog food to buy. You understand my point?

They pointed fault in all other different directions. "Your email got hacked. Your password is too simple, your computer is compromised, etc." The fact of the matter is if my email got hacked they could have withdrawn the funds for a straight 10K, although that may have been traceable, instead of "supposedly" very minimal gains buying and selling to manipulate a market (cough cough, transaction fees). Secondly, I have lots of accounts.......real world accounts like bank accounts, and insurance, and other exchanges that I only access from my phone and computer and none of the above were hacked.........

I don't know the guy that replied stating that it happened to him too......I feel bad for him though because I can empathize with his situation. I have a question for you though.........do you work for any exchanges?


34 minutes ago, Xilobyte said:

Doesn't happen to the smarter guys. There are several posts here that quite thoroughly explain the dangers of storing in an exchange instead of in your private cold wallet. So even if he is telling the truth, he took the risk and got what he got.

Now let's take another point of view.... @cjpsurf how about providing some factual data to back ya up. Send the addresses to this community and let them see for themselves. Why don't you also go ahead and get us a certified copy of the acknowledgment from Polo or anywhere else that verifies yes you were hacked. And if you have none of that, then take your mess to reddit or facebook instead.

LOL....a certified copy.....ya all just run to the bank and get it notarized.....if Polo had responded and sent me any kind of an acknowledgement minus the robot email acknowledgement stating that they have received my customer support ticket and they will be in contact soon. Today is the 12th btw and I still have not heard anything, but I had low expectations since some of the other people's stories had to wait literally months.

I don't think I'll be sending ANY addresses either for that matter, however I'd be much obliged to send the 9 pages of trade history that occurred on the 8th of July in the span of 40 minutes. But it's a lot, and lots of numbers and messy......if you feel up to the task smart guy.

I feel at this point it would only be to prove that I'm not lying in the whole matter and still for the life of me I can't imagine why anyone would.............The reason for this post was to get a hold of other people to see what their plan of action was and if there was any recourse......Not to prove my innocence........However like I said I'd be much obliged to screenshot 9 pages of trade history IF it's constructive.


File charges with local PD -> send scan copy to Polo -> wait to ask what you need to get the IP log for your account. In case of inactivity from Polo -> file a complaint with SEC if you are a US citizen, or a respective board for Ecommerce watch-dog of your country. Scan the complaints and attach them to Polo ticket. -> Get an attorney | File a claim with Interpol against Polo for negligence and/or refusal to investigate theft.

This topic is now closed to further replies.