Bitcoin Forum

Economy => Exchanges => Topic started by: Aveatrex on January 01, 2020, 06:42:13 AM



Title: Poloniex Data Leak on Twitter
Post by: Aveatrex on January 01, 2020, 06:42:13 AM
Poloniex sent out an email requesting password change to users after seeing a leak of emails and passwords on Twitter.

Quote
On Dec. 30, the exchange emailed its customers to inform them that a list of leaked email addresses and passwords could potentially be used to log in to Poloniex accounts. The exchange forced a password reset on any email addresses that have an account with the exchange.

Read more: https://cointelegraph.com/news/poloniex-crypto-exchange-confirms-data-leak-after-awkward-email

I speculate that a database from another exchange or cryptocurrency related website was leaked and therefore users that use the same password/email everywhere could potentially be a victim of unauthorized access to their accounts. That's why you should not use same passwords everywhere you sign up and opt for offline password generators; stay safe folks.

The funny part is actually there are some users that thought the email sent by Poloniex was a phishing attempt and not a genuine email ;D


Title: Re: Poloniex Data Leak on Twitter
Post by: Wexnident on January 01, 2020, 07:15:48 AM
Pity about it. Well, the quickness of their action goes to show that they were legitimately prepared for any breaches on their database though, which should really be commended to them. Not familiar with how the reset goes, but shouldn't it be like Poloniex gives a link, user changes password through that? If the pass change asks for the old password, it could be possible to realize it is a scam, but if it doesn't, I don't suppose you'd need to label it as a scam there and then. Just create a very unique one I suppose.

Quote
The funny part is actually there are some users that thought the email sent by Poloniex was a phishing attempt and not a genuine email ;D

Shouldn't it be easily noticeable if the email sent is legit from Poloniex or not?


Title: Re: Poloniex Data Leak on Twitter
Post by: exstasie on January 01, 2020, 08:01:43 AM
Quote
I speculate that a database from another exchange or cryptocurrency related website was leaked and therefore users that use the same password/email everywhere could potentially be a victim of unauthorized access to their accounts.

No way. Poloniex wouldn't ask users to change their passwords over that. I think it's obvious they had a database compromised and are downplaying the severity of what happened.

Quote
Well, the quickness of their action goes to show that they were legitimately prepared for any breaches on their database though, which should really be commended to them.

I guess you're a "glass half full" kind of guy? :)

They haven't mentioned anything on Twitter or posted an official announcement about it. Kind of shady, really.


Title: Re: Poloniex Data Leak on Twitter
Post by: Wexnident on January 01, 2020, 08:25:32 AM
Quote
Well, the quickness of their action goes to show that they were legitimately prepared for any breaches on their database though, which should really be commended to them.

Quote
I guess you're a "glass half full" kind of guy? :)
They haven't mentioned anything on Twitter or posted an official announcement about it. Kind of shady, really.

Erm, might not be an announcement made but a comment made by the support itself was made to the doubtful Twitter post though, which says:
Quote
This put Poloniex customer support into the awkward position of having to explain that the email was indeed real and not a scam. “This is a real email! Please reset your password for account security,” they responded.

The said Twitter link could be found on the link provided by OP, so I assumed the announcement regarding it was true. Just checked the said Twitter account of the support, and I indeed failed to find an official announcement about it, BUT contained the said comment regarding the email to be true, which is weird.

Apologies if I made a wrong assumption about that.


Title: Re: Poloniex Data Leak on Twitter
Post by: clickerz on January 01, 2020, 08:59:03 AM

Quote
I speculate that a database from another exchange or cryptocurrency related website was leaked and therefore users that use the same password/email everywhere could potentially be a victim of unauthorized access to their accounts.

Quote
No way. Poloniex wouldn't ask users to change their passwords over that. I think it's obvious they had a database compromised and are downplaying the severity of what happened.

Quote
Well, the quickness of their action goes to show that they were legitimately prepared for any breaches on their database though, which should really be commended to them.

I hope the account with 2FA activation upon login is safe. Still we need to update our password.

Quote
I guess you're a "glass half full" kind of guy? :)
They haven't mentioned anything on Twitter or posted an official announcement about it. Kind of shady, really.

Hmm... maybe they are still verifying and investigating the said incident.


Title: Re: Poloniex Data Leak on Twitter
Post by: milewilda on January 01, 2020, 09:40:56 AM
Quote
The funny part is actually there are some users that thought the email sent by Poloniex was a phishing attempt and not a genuine email ;D

Sometimes being too paranoid when it comes to phishing or hacking so I can't blame those people who said such a thing. They just believed in how secure Poloniex is, and once they were able to read it they believed that it's just another phishing email without even realizing or having second thoughts that it is a legit one.
Data leaks? I'm not surprised anymore when it comes to this.


Title: Re: Poloniex Data Leak on Twitter
Post by: piebeyb on January 01, 2020, 10:26:23 AM
Quote
I speculate that a database from another exchange or cryptocurrency related website was leaked and therefore users that use the same password/email everywhere could potentially be a victim of unauthorized access to their accounts. That's why you should not use same passwords everywhere you sign up and opt for offline password generators; stay safe folks.

Everyone needs to pay attention to the email received whether it is official or just a fake email, but in my opinion maybe for those who activate 2FA on emails and Poloniex accounts I think it will be safe, if in my mind a lot of passwords generated by the generator password will make too many stacks are stored, in fact this I have also applied that the passwords that I usually register on several sites are never the same, just a little difference from the password but do not have to accumulate passwords somewhere, because it's easy to remember.


Title: Re: Poloniex Data Leak on Twitter
Post by: panganib999 on January 01, 2020, 10:47:51 AM
Quote
Sometimes being too paranoid when it comes to phishing or hacking so I can't blame those people who said such a thing. They just believed in how secure Poloniex is, and once they were able to read it they believed that it's just another phishing email without even realizing or having second thoughts that it is a legit one.
Data leaks? I'm not surprised anymore when it comes to this.

It's not really being paranoid but rather wanting to secure their accounts and preventing themselves from being scammed because of a "possible" fake mail from Poloniex. Data leaks are already a part of any tech out there and it isn't really surprising for such things to occur, but the quickness of the counter movement of the company themselves is the measure of whether the trust is well equipped for such situations. Sadly, Poloniex fails at this with their failure of announcing it officially and instead emailing their users, which led to a lot of people believing it to be a scam.


Title: Re: Poloniex Data Leak on Twitter
Post by: MURONDI on January 01, 2020, 11:36:50 AM
Are you sure about your statement? I am a Poloniex user but did not receive messages as you mentioned. On the 30th there was an email but it was about the announcement of smaller fees. If there is indeed a leak it will indeed be very detrimental to the user, despite using 2FA security, I'm sure many users have the same password for other sites.


Title: Re: Poloniex Data Leak on Twitter
Post by: topbitcoin on January 01, 2020, 01:56:52 PM
Quote
Are you sure about your statement? I am a Poloniex user but did not receive messages as you mentioned. On the 30th there was an email but it was about the announcement of smaller fees. If there is indeed a leak it will indeed be very detrimental to the user, despite using 2FA security, I'm sure many users have the same password for other sites.

Actually I did not get Poloniex's email either. But if something like this happens and a lot of people talk about it, I will change my password immediately although I already have 2FA. Something like this is really dangerous, especially if it is the data of someone who may be careless and uses the same password in a lot of his accounts; other accounts can get affected by it.


Title: Re: Poloniex Data Leak on Twitter
Post by: boris singer on January 01, 2020, 02:03:04 PM
I tried to find and have not found authentic evidence, just a tweet from their Polosupport Twitter account. It's better to change data manually as soon as possible. Poloniex just removed the KYC obligation for new users around December 23, and then this problem appeared 7 days after that. As long as 2FA is still active, no need to worry and immediately take the necessary security steps.


Title: Re: Poloniex Data Leak on Twitter
Post by: rijaljun on January 01, 2020, 02:13:30 PM
Similar to what happened to BitMex months ago. The issue could happen in every centralized exchange so not gonna get surprised with this. Users should be aware of this kind of issue since the beginning. But at least, this one has a funny part, such as an awkward moment. LOL.


Title: Re: Poloniex Data Leak on Twitter
Post by: Ucy on January 01, 2020, 02:24:19 PM
Quote
The funny part is actually there is some users that thought the email sent by Poloniex was a phishing attempt and not a genuine email

I think the users did the right thing. I would be suspicious too. But it's better not to ignore a message like that completely. A more sensible thing to do in such situations is to trust but verify.
The users should probably go to the exchange's verified Twitter handle to access the website safely.


Title: Re: Poloniex Data Leak on Twitter
Post by: iamaruf on January 01, 2020, 03:05:17 PM
Quote
The funny part is actually there are some users that thought the email sent by Poloniex was a phishing attempt and not a genuine email ;D

It’s not funny part mate. Even I will not believe that it's true. Because the user didn’t try to reset password but he received the mail. How people believe it? Though I will check it twice too, if I receive the same mail. I am just replying this because you told it funny part, but I don’t think. Thank you.


Title: Re: Poloniex Data Leak on Twitter
Post by: dothebeats on January 01, 2020, 03:11:47 PM
The immediate response to a data breach would be to mitigate the damage by immediately sending out notices and a password change form to the users within a few hours after the data breach was known.

That's why it's never advisable to use the same passwords in different websites in the first place as it clearly invites your accounts to get hacked at one point and you losing all the data in the process.

Never really liked Poloniex in its current state and idk whether people still trade in there but good thing they acted quickly to inform their user-base about the leak.


Title: Re: Poloniex Data Leak on Twitter
Post by: kolonel_x on January 01, 2020, 03:17:46 PM

Quote
The funny part is actually there are some users that thought the email sent by Poloniex was a phishing attempt and not a genuine email ;D

I also received an email from Poloniex and I thought it was just phishing because of frequent email entry like that, if it is official from Poloniex to make a password change to every user then I will do it as soon as possible, because I have ignored the email message.
And want to find out about Poloniex data leakage.


Title: Re: Poloniex Data Leak on Twitter
Post by: Landak on January 01, 2020, 03:26:17 PM
Terrible, many market exchanges that have a very good reputation suddenly appear shocking news like that, customer data is leaked to the public. I am a Poloniex customer but I never get an email to be told to change my password, I feel safe because I use 2FA. For others, be careful not to use the same password when creating accounts on every website, exchange market, or whatever.


Title: Re: Poloniex Data Leak on Twitter
Post by: leowonderful on January 01, 2020, 04:22:53 PM
I assume the exchange allows for the use of 2FA? That would be one potential positive (and a feature every exchange should offer), though even 2FA does have vulnerabilities that could result in malicious people accessing your exchange accounts.

You might also want to change your passwords for other sites if you have a tendency to use the same password for multiple sites. Hackers like to bruteforce logins on a variety of websites with leaked data, and you never know if another one of your important accounts could be compromised.


Title: Re: Poloniex Data Leak on Twitter
Post by: justdimin on January 01, 2020, 04:53:21 PM
They are literally backed by a huge wall street company, how are they letting something like this happen when they have trillions of dollars in their funds? Sure they are their own company as well but they are owned by Circle which is a multi billion dollar company and an app that is known all around the world and getting a big chunk of the market share as we speak and that company Circle? That is owned by Goldman Sachs (sort of, they own small part of it) which is the trillion dollar fund that I was talking about.

I understand hackers will hack things and even NASA has been hacked couple times now and people see it as a challenge at this point but honestly I would expect them to make their security better and at least save their customers information.


Title: Re: Poloniex Data Leak on Twitter
Post by: joshy23 on January 01, 2020, 05:34:07 PM
Quote
Similar to what happened to BitMex months ago. The issue could happen in every centralized exchange so not gonna get surprised with this. Users should be aware of this kind of issue since the beginning. But at least, this one has a funny part, such as an awkward moment. LOL.

Yes, there's no escape once you missed to protect your business, hackers are always looking for opportunities and with how Poloniex needs to adjust after this incident, traders also need to comply, if there's a need of changing password and if possible to withdraw your assets for a while and secure everything while this is still in process of correction.


Title: Re: Poloniex Data Leak on Twitter
Post by: fratoshi on January 01, 2020, 06:36:38 PM
The tweet was deleted minutes after Poloniex announced there was a leak, anyone has real proof that the leak is from Poloniex? It seems to me that this is a shady hack, no real proof of it.
Maybe Poloniex was trying to get some exposure on the news, the exchange is already dead and more bad publicity will not really affect them.


Title: Re: Poloniex Data Leak on Twitter
Post by: exstasie on January 01, 2020, 07:17:12 PM
Quote
Similar to what happened to BitMex months ago. The issue could happen in every centralized exchange so not gonna get surprised with this.

This could be significantly worse than the Bitmex leak considering Poloniex is forcing a password reset for all accounts. With Bitmex, only email addresses were compromised, so only users with balances and no 2FA were forced to reset their passwords (out of an abundance of caution).

We actually don't know the extent of this leak since Poloniex hasn't been forthright about what happened. For all we know, passwords and KYC data were compromised.


Title: Re: Poloniex Data Leak on Twitter
Post by: sisule on January 01, 2020, 10:19:08 PM
Become new drama with exchange market on new year again where Poloniex exchange market have leak their data and announce it on Twitter, will be Poloniex become first exchange market on this year announce to public their account hack or not, we glad waiting for with their continue announcement about how come their exchange keep better and fix it.


Title: Re: Poloniex Data Leak on Twitter
Post by: Swordsoffreedom on January 01, 2020, 10:38:48 PM
Quote
The tweet was deleted minutes after Poloniex announced there was a leak, anyone has real proof that the leak is from Poloniex? It seems to me that this is a shady hack, no real proof of it.
Maybe Poloniex was trying to get some exposure on the news, the exchange is already dead and more bad publicity will not really affect them.

It's not really dead, it still has 41 million USD daily volume and is ranked #65 on CMC. It used to be in the very top back in 2017 so it is in decline, that's true.


Title: Re: Poloniex Data Leak on Twitter
Post by: X-ray on January 01, 2020, 11:43:38 PM


Quote
The funny part is actually there are some users that thought the email sent by Poloniex was a phishing attempt and not a genuine email ;D

I could kinda tolerate people who are saying such a thing. I got a massive phishing attempt through email a few months ago and you know what the funny part is, the whole email is saying exactly like the things Poloniex said, telling their system is breached and people should do an immediate password change. This email format, even if it comes from Poloniex's official mailer, still sounds phishy that it could make people just outright ignore the email.


Title: Re: Poloniex Data Leak on Twitter
Post by: btccashacc on January 01, 2020, 11:58:41 PM
Quote
I assume the exchange allows for the use of 2FA? That would be one potential positive (and a feature every exchange should offer), though even 2FA does have vulnerabilities that could result in malicious people accessing your exchange accounts.
You might also want to change your passwords for other sites if you have a tendency to use the same password for multiple sites. Hackers like to bruteforce logins on a variety of websites with leaked data, and you never know if another one of your important accounts could be compromised.

If I'm not mistaken, even if you don't enable 2FA, they will send the email verification especially if you're on a new IP address which is good, so even though the hackers got your password they have to get your email to access the verification email. But again users should change the password just to make sure something bad will not happen to you. I personally use a different password for different accounts and I think people should do that too.


Title: Re: Poloniex Data Leak on Twitter
Post by: goinmerry on January 01, 2020, 11:59:23 PM
Quote
The funny part is actually there are some users that thought the email sent by Poloniex was a phishing attempt and not a genuine email ;D

The email was sent from the official Poloniex used email. It should not be confusing nor suspicious to those who received that mail.

If ever those users didn't notice that, the announcement made was enough for them to know that the email was legit.

To verify, after reading the email content they should probably head to any official channel of Poloniex and will check if the announcement was legit and genuine.


Title: Re: Poloniex Data Leak on Twitter
Post by: StephenieDuong on January 02, 2020, 07:36:02 AM
These data leaks are really dangerous and I am a victim of this, but luckily my exchange account is empty. I was using the same email and password for all exchanges and even bounties. A few months ago, my Bitfinex account was logged into 2-3 times each month from strange IP addresses. I have tried to freeze this account but it keeps logging in; I have ignored this since I have no money there. Anyway, each password should be used for each site to avoid this problem.


Title: Re: Poloniex Data Leak on Twitter
Post by: BitcoinHunt3r on January 02, 2020, 08:36:25 AM
Quote
These data leaks are really dangerous and I am a victim of this, but luckily my exchange account is empty. I was using the same email and password for all exchanges and even bounties. A few months ago, my Bitfinex account was logged into 2-3 times each month from strange IP addresses. I have tried to freeze this account but it keeps logging in; I have ignored this since I have no money there. Anyway, each password should be used for each site to avoid this problem.

Different password, and different email for wallet and bounty will be needed. I think you will need it because anything that we submit in a project is not really safe. And then we don't need to reveal our main email except if we join a bounty and it is distributed to some exchange's account.


Title: Re: Poloniex Data Leak on Twitter
Post by: luckyflop on January 02, 2020, 10:59:58 AM
Quote
Terrible, many market exchanges that have a very good reputation suddenly appear shocking news like that, customer data is leaked to the public. I am a Poloniex customer but I never get an email to be told to change my password, I feel safe because I use 2FA. For others, be careful not to use the same password when creating accounts on every website, exchange market, or whatever.

For me Poloniex is not a famous exchange at the moment. Currently there are not many users on this exchange and the volume on this exchange is very low. But the issues related to the security of exchanges are always fearful for us because our information can be hacked at any time. And your suggestion is great, we should not use one password for many different websites, because it can be easily searched by hackers.


Title: Re: Poloniex Data Leak on Twitter
Post by: moviebuff777 on January 02, 2020, 01:46:36 PM
Not good. This is another reason to avoid keeping coins on exchanges. Although in this case, even if you don’t have coins on Poloniex but have an account with them, it’s not good that the password may be compromised.


Title: Re: Poloniex Data Leak on Twitter
Post by: the rise on January 02, 2020, 02:11:45 PM
Quote
Not good. This is another reason to avoid keeping coins on exchanges. Although in this case, even if you don’t have coins on Poloniex but have an account with them, it’s not good that the password may be compromised.

I was quite surprised, this news did not seem to be a big problem, some regarded it as something ordinary. Very different when the KYC leakage case in Binance arises. Actually there is no significant effect for old accounts because previously they were required to KYC and use authenticator. It's better not to think too complicated and start changing passwords and even resetting 2FA.


Title: Re: Poloniex Data Leak on Twitter
Post by: alyssa85 on January 02, 2020, 02:25:18 PM
Quote
Are you sure about your statement? I am a Poloniex user but did not receive messages as you mentioned. On the 30th there was an email but it was about the announcement of smaller fees. If there is indeed a leak it will indeed be very detrimental to the user, despite using 2FA security, I'm sure many users have the same password for other sites.

There is nothing at all on Poloniex's Twitter account about this at all:

https://twitter.com/Poloniex

It looks like this was a scam attempt - with the scammers then trying to persuade people that the email was real in this thread! So a double scam attempt.


Title: Re: Poloniex Data Leak on Twitter
Post by: zeze18 on January 02, 2020, 02:33:32 PM
Quote
Are you sure about your statement? I am a Poloniex user but did not receive messages as you mentioned. On the 30th there was an email but it was about the announcement of smaller fees. If there is indeed a leak it will indeed be very detrimental to the user, despite using 2FA security, I'm sure many users have the same password for other sites.

Quote
There is nothing at all on Poloniex's Twitter account about this at all:
https://twitter.com/Poloniex
It looks like this was a scam attempt - with the scammers then trying to persuade people that the email was real in this thread! So a double scam attempt.

Yeah that must be a scam attempt and also I think the thread maker doesn't know either if it's a scam. Poloniex is a good old exchange that is still operating right now. I was using it for a long time and no problem happened to me. The interface looks old style but all functions work well.


Title: Re: Poloniex Data Leak on Twitter
Post by: Dart18 on January 02, 2020, 05:04:10 PM
I didn't receive any e-mail from Poloniex.
Am I considered safe on that list?

Maybe it will be better to just change my password.
I have been using the same password for different exchanges and I don't want to jeopardize everything.


Title: Re: Poloniex Data Leak on Twitter
Post by: dvmmayowa on January 02, 2020, 10:51:12 PM
I am a Poloniex user and I didn't receive anything of such. One thing I discovered in this space is that scammers would go to any extent to get your exchange accounts compromised. Don't be surprised if your several exchange accounts get compromised because whoever is behind it would always try to use the login details you provided to log in to all other exchanges (the more reason why 2FA is mandatory for all exchanges).

In all, let's just check the credibility of whatever mail we receive to avoid stories that touch the heart... ::)


Title: Re: Poloniex Data Leak on Twitter
Post by: exstasie on January 02, 2020, 11:54:28 PM
Quote
The funny part is actually there are some users that thought the email sent by Poloniex was a phishing attempt and not a genuine email ;D

Quote
The email was sent from the official Poloniex used email. It should not be confusing nor suspicious to those who received that mail.

It's pretty easy to spoof the sender's email address in a phishing attack. My gut instincts would have suspected a phishing attack too, especially because Poloniex never publicly announced anything.

Quote
There is nothing at all on Poloniex's Twitter account about this at all:
https://twitter.com/Poloniex
It looks like this was a scam attempt - with the scammers then trying to persuade people that the email was real in this thread! So a double scam attempt.

Nope, the emails were real. Poloniex support reps confirmed. They ended up forcing customers to change their passwords: https://thenextweb.com/hardfork/2020/01/02/cryptocurrency-exchange-poloniex-forces-change-passwords-data-leak-twitter/


Title: Re: Poloniex Data Leak on Twitter
Post by: countryfree on January 06, 2020, 11:05:41 PM

Quote
There is nothing at all on Poloniex's Twitter account about this at all:
https://twitter.com/Poloniex
It looks like this was a scam attempt - with the scammers then trying to persuade people that the email was real in this thread! So a double scam attempt.

Quote
Nope, the emails were real. Poloniex support reps confirmed. They ended up forcing customers to change their passwords: https://thenextweb.com/hardfork/2020/01/02/cryptocurrency-exchange-poloniex-forces-change-passwords-data-leak-twitter/

They probably deleted the tweet to make it look like nothing happened, but plenty of wrong doing did take place, and that wasn't the first time at Poloniex.

Quote
They are literally backed by a huge wall street company, how are they letting something like this happen when they have trillions of dollars in their funds? Sure they are their own company as well but they are owned by Circle which is a multi billion dollar company and an app that is known all around the world and getting a big chunk of the market share as we speak and that company Circle? That is owned by Goldman Sachs (sort of, they own small part of it) which is the trillion dollar fund that I was talking about.
I understand hackers will hack things and even NASA has been hacked couple times now and people see it as a challenge at this point but honestly I would expect them to make their security better and at least save their customers information.

Stay informed! Circle almost killed Poloniex because of their stupid management, and they've sold it. Poloniex is now owned by a secret owner hiding in the Seychelles.


Title: Re: Poloniex Data Leak on Twitter
Post by: nydiacaskey01 on January 06, 2020, 11:53:18 PM
As soon as I read that article in Cointelegraph, I checked my Poloniex account and looked at my email to see if I also received such an email. I didn’t get any. Does that mean my account was not among those that were leaked? I still updated my password just because quarterly I change my password and use the random password generator by Avast. I don't use the same password on the exchanges that I use. Not anymore.


Title: Re: Poloniex Data Leak on Twitter
Post by: hello_good_sir on January 07, 2020, 12:13:02 PM
Not a great look for Poloniex at the start of the year at all.

They're already having reputation issues with their previous issues with support tickets and all that that earned them a bad name, and they're just trying to rebrand themselves after Circle. This happening will definitely set back their progress quite a bit, to say the least.

At the end of the day though, as a user, you need to protect yourself and to be safe, you shouldn't be keeping any significant sum of money on such exchanges anyhow.