Hackers sold my bitcoins cheaply to themselves to avoid the Poloniex alert system.

In early June my Poloniex account was hacked. It took almost no time for the hacker to empty the entire account with the 10 BTC in there. The hackers didn’t just transfer the BTC though; instead, they used the web interface to do multiple trades. They couldn’t do a straight transfer because Poloniex would use email verification to perform withdrawals and this would have obviously alerted me. I would have been able to put a hold on the account. The hackers sold my coins to themselves for a low price, then sold those coins back to me at a high price. Needless to say, after repeating this for 2 hours, the hacker was able to essentially drain the 10 BTC from my account. I emailed Poloniex as soon as I found out and filed a ticket with them. This is the response I received:

We have identified the accounts involved and they have been banned. Unfortunately, as is normally the case in these situations the attackers immediately withdrew the majority of the coins and as these transactions have now left our system and have been confirmed by the blockchain then they are outside our control. We will continue to investigate further and see if we are able to recover any of the coins that were not yet withdrawn.

I’m taking the time to post and share this story for a few reasons.

First, to warn everyone to protect their accounts properly! Always use two-factor authentication! I was a lazy idiot and I didn’t do this. I thought it was too much of a hassle to grab my phone each time to log in. This would have protected my account from the hack and saved me $25.000!

Second, I’m trying to bring attention to my story in hopes that Poloniex will be able to do something to help me recover my lost coins. I really doubt this will be the case, but I figure it’s worth a shot.
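The drain described in this post never touched the withdrawal path, so an email check on withdrawals could not see it; the signal is in the fills themselves. The sketch below is an added example, not code from Poloniex or from the author: it flags account pairs where one side repeatedly sells below and buys above the market price against the same counterparty. The fill format, account names, prices and thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample fills: (seller, buyer, price_btc, qty, market_mid_btc).
SAMPLE_FILLS = [
    ("victim", "acct_x", 0.0010, 1000, 0.0020),  # sells far below market
    ("acct_x", "victim", 0.0040, 1000, 0.0020),  # buys back far above market
    ("victim", "acct_x", 0.0010, 1000, 0.0020),
    ("acct_x", "victim", 0.0040, 1000, 0.0020),
    ("victim", "acct_x", 0.0010, 500, 0.0020),
    ("acct_x", "victim", 0.0040, 500, 0.0020),
    ("alice", "bob", 0.00201, 300, 0.0020),      # ordinary fill near market
    ("bob", "carol", 0.00199, 200, 0.0020),
]


def flag_value_transfer(fills, tolerance=0.10, min_each_way=2):
    """Return [(loser, gainer, btc_lost)] for account pairs where one side
    repeatedly sells below and buys above market against the same counterparty."""
    sold_low = defaultdict(int)     # (loser, gainer) -> below-market sells
    bought_high = defaultdict(int)  # (loser, gainer) -> above-market buys
    lost = defaultdict(float)       # (loser, gainer) -> BTC given up vs. mid
    for seller, buyer, price, qty, mid in fills:
        deviation = (price - mid) / mid
        if deviation < -tolerance:      # seller handed value to buyer
            sold_low[(seller, buyer)] += 1
            lost[(seller, buyer)] += (mid - price) * qty
        elif deviation > tolerance:     # buyer handed value to seller
            bought_high[(buyer, seller)] += 1
            lost[(buyer, seller)] += (price - mid) * qty
    alerts = []
    for pair, btc in lost.items():
        # Require off-market trades in BOTH directions: a single bad fill is
        # a fat finger, a repeated sell-low/buy-high loop is a value transfer.
        if sold_low[pair] >= min_each_way and bought_high[pair] >= min_each_way:
            alerts.append((pair[0], pair[1], round(btc, 8)))
    return sorted(alerts, key=lambda a: -a[2])


if __name__ == "__main__":
    for loser, gainer, btc in flag_value_transfer(SAMPLE_FILLS):
        print(f"ALERT {loser} -> {gainer}: {btc} BTC moved via off-market trades")
```

A check like this would sit alongside withdrawal verification, for example by holding withdrawals from the gaining account while the alert is reviewed.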
