In a major cyber attack on Friday, hackers pilfered over $100 million from cryptocurrency trading platform Poloniex, absconding with substantial amounts of Bitcoin and Ethereum. The platform confirmed the incident on social media, assuring users of a thorough investigation and a commitment to fully reimburse those impacted by the breach.
In a surprising move, Poloniex publicly announced a bounty of 5% of the stolen funds, urging the hacker’s cooperation for their return within seven days to avoid law enforcement intervention. The company is also exploring collaborative efforts with partners to expedite fund recovery.
Founded in 2014 and acquired by Circle in 2018, Poloniex gained notoriety for its lax customer controls and the trading of diverse, sometimes questionable, coins. Circle sold the company to controversial crypto entrepreneur Justin Sun, who subsequently relocated it to the Seychelles islands to evade regulations.
Justin Sun asserted the platform’s financial stability and commitment to full reimbursement, revealing that a portion of the hacker’s assets had been identified and frozen. Blockchain security firms, however, provided varying estimates of the stolen amount, ranging from $114 million to $130 million.
Poloniex, known for facilitating millions of dollars in daily crypto trades, had handled over $500 million in cryptocurrency transactions within the 24 hours preceding the attack, as reported by CoinMarketCap.
This breach follows a period of relative calm in crypto platform attacks, with incidents in August involving Exactly Protocol and Harbor Protocol. Notably, the widely used Web3 programming language, Vyper, fell victim to hackers earlier this year, resulting in the theft of at least $61 million in cryptocurrency.
U.S. law enforcement agencies suspect North Korea’s Lazarus hacking group as a primary instigator of crypto platform attacks, allegedly using stolen crypto funds to finance its nuclear weapons program. The Poloniex incident raises concerns about the persistent threat landscape faced by cryptocurrency platforms despite recent lulls in such attacks.