Poloniex - REKT

Nothing like a nine-figure exchange hack to cool the pump-induced euphoria.

Justin Sun’s exchange Poloniex had its hot wallets drained of $126M today.

The alarm was raised. Then, approximately half an hour after funds began to be drained, Poloniex notified users its wallet had been “disabled for maintenance”.

Nothing to see here, folks.

After another half hour, Justin Sun responded more directly, promising to cover losses:

We are currently investigating the Poloniex hack incident. Poloniex maintains a healthy financial position and will fully reimburse the affected funds. Additionally, we are exploring opportunities for collaboration with other exchanges to facilitate the recovery of these funds.

As the amounts stacked up, Poloniex followed up with a whitehat bounty offer of 5%. Arkham’s on-chain intel market (or doxx-to-earn platform) also offered a $4000 bounty for an ID on the hacker.

Will it be enough to either tempt, or force, a return of the loot this time?

Credit: Arkham, SlowMist

As ever, exchange hacks are often down to off-chain attack vectors, with the aim of gaining access to a device or an employee in order to extract private keys.

Organised threat actors, such as North Korea’s Lazarus Group, are well-versed in a variety of methods to carry out extensive phishing campaigns. So far this year, over $250M has been lost in incidents linked to the group, including attacks on Atomic Wallet, AlphaPo, Stake and CoinEx.

Could this be another big payday for the DPRK?

Regardless of who was responsible, for Poloniex the attack began at 10:30 AM UTC, with a transaction draining 4900 ETH ($10M) from the address labelled Poloniex 4 on Etherscan.

The attack continued on Ethereum, TRON and BTC, with a total of $126M lost, according to Arkham’s attacker profile (which displays totals of $59.2M, $48.6M, $18.6M held on the three chains, respectively).

Main attacker address (ETH): 0x0a5984f86200415894821bfefc1c1de036dbf9e7

Main attaker address (TRON): TKK6d1YALy8HCSoCSWWd1ZJhyC9NPPx4wa

Main attaker address (BTC): bc1qnpc7u2ha7ct9c458rrqsawylz9e9j6jvkvzttt

Dispersal of tokens among many hacker addresses on Ethereum (labelled 2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 13, 14, 15) which were used to swap out tokens to ETH and hold it, or further it disperse to new addresses.

The largest asset losses were of 33M USDT (22M on TRON and 11M on ETH), 4900 ETH ($10M) on Ethereum, $18.6M of native BTC and a further $14M of BTC on TRON and $5M USDC on Ethereum.

SlowMist compiled a lengthy (though not yet complete) breakdown of assets stolen.

The hacker’s actions on-chain had some unexpected results.

In swapping out (freezable) the USDT stolen on Tron to TRX, the attacker pumped Justin Sun’s bags by 25%. At least it makes up for some of the losses he’s promised to cover…

And in the rush to liquidate stolen assets, the attacker lost almost $2.6M worth of Golem Network’s GLM by transferring it directly to the token’s contract.


In late-September HTX (formerly Huobi) was hit for $7.9M, with Sun making it clear that reimbursing users would be small change for someone with pockets as deep as His Excellency’s.

Luckily for Justin, he ultimately managed to escape shelling out for a costly compensation scheme when the funds were returned less than two weeks later.

Now, he has promised to cover losses over 10x larger…

…while offering a (lower-than-the-going-rate) 5% bounty and a 7-day grace period to think it over.

Is he confident the hacker will take him up on it? Or feeling over-confident after getting lucky last time?

How deep do Sun’s pockets go?

share this article

REKT serves as a public platform for anonymous authors, we take no responsibility for the views or content hosted on REKT.

donate (ETH / ERC20): 0x3C5c2F4bCeC51a36494682f91Dbc6cA7c63B514C


REKT is not responsible or liable in any manner for any Content posted on our Website or in connection with our Services, whether posted or caused by ANON Author of our Website, or by REKT. Although we provide rules for Anon Author conduct and postings, we do not control and are not responsible for what Anon Author post, transmit or share on our Website or Services, and are not responsible for any offensive, inappropriate, obscene, unlawful or otherwise objectionable content you may encounter on our Website or Services. REKT is not responsible for the conduct, whether online or offline, of any user of our Website or Services.