Poloniex Exchange Suffers BitMEX-Style Security Breach
As this decade inches to a close, Poloniex becomes the next cryptocurrency exchange to mismanage user data after “someone leaked” email addresses and passwords.
Poloniex Forces Users to Reset Passwords
After rampant scams and phishing attempts, Poloniex customers were rightly cautious over the email they received from the cryptocurrency exchange on Dec 30.
One customer tagged Poloniex on Twitter telling the company to “be careful” with the “scam” email doing the rounds.
— Charly (@charlysatoshi) December 30, 2019
To be fair, with so many phish in the sea, Poloniex’s email was certainly vague. It gave no details or facts about the cause, consequence or size of the breach.
It merely said that “someone leaked a list of email addresses and passwords on Twitter”. The communication could well have been an outright attempt from hackers to siphon off users’ funds.
Moreover, the email was not accompanied by any official statement on the company’s blog–raising further suspicion.
It seems fairly obvious that the struggling cryptocurrency exchange, in the midst of a last-ditch facelift, wanted to keep news of the breach under wraps.
However, the customer’s tweet about the “scam” mail forced Poloniex customer support to acknowledge that it was real. They replied:
This is a real email! Please reset your password for account security.
In the email, Poloniex stated that “almost all of the leaked emails do not belong to Poloniex accounts.” However, the exchange was forcing a reset of all passwords just in case.
They then urged all customers to set up 2FA in a follow-up tweet:
Steps to set up 2FA:
– Install an authenticator application on your phone
– Click 2FA in your Polo settings
– Scan the barcode or manually enter the 16 digit key
– Safely store your backup code & QR code in case your phone gets lost, stolen, or erased
— Poloniex Customer Support (@PoloSupport) December 30, 2019
Keeping the Security Breach Quiet
With no official statement, it’s impossible to ascertain the size of the breach. However, it’s clear that Poloniex wants to keep it as quiet as possible.
In a congratulatory tweet a few moments ago, the company reminded its customers of all the successes over the year that “benefitted” its users.
These included setting up a new office in Hong Kong and adding the ability to stake TRX.
2019 was a rollercoaster🎢 Here are some of our successes that benefitted you:
— Poloniex Customer Support (@PoloSupport) December 31, 2019
Poloniex seems to be pinning its hopes of luring more customers on its partnership with TRON after closing its doors to US citizens.
Whether that was a wise decision or not remains to be seen–as does the severity of the data leak.