Bitcoin Forum

Well, guys, I guess a lot of you already know this. Poloniex, aka Justin Sun's own Exchange, suffered a hack of 60M+ USD, and they are offering a 5% Bounty (if there are any white hat hackers here or do you know an interested one, here is the official announcement https://x.com/Poloniex/status/1722956238160536049?s=20).
On the other hand, TRX and USDD do not seem to suffer any backlash from this news.

Topic Security Breach and Protection Layers. Do you think that Exchanges and DeFI need more development and investments here or is this just something we have to lay down our heads and deal with?

It's a new hack right? And they hacked in the past too but I don't think they ever recovered anything from the hackers and the same goes to this as well. I want to clarify that they are offering 5% of the total hacked funds to the one who hacked as a gesture in case hacker decides to return the hacked funds but it seems they are living in a different universe to think and offer such bounty.

Sources from Peckshield, Justin Sun's Poloniex exchange is suspected of being hacked. According to estimates, initial damages could exceed $114 million.

Justin Sun has confirmed that the Poloniex  was hacked and that they are investigating. To reassure users, Sun said the exchange has quite good financial potential and will refund the entire amount to affected users. At the same time, Sun also mentioned cooperating with other organizations or exchanges to prevent the flow of money and reduce the loss rate as much as possible. Poloniex currently states that its wallet has been disabled for maintenance and will update the information once the wallet is reactivated.
https://twitter.com/justinsuntron/status/1722942733680296246

This is something we do not want to happen, but this problem will never stop, vulnerabilities are exploited and risks arise during use. But have no fear, as we are here to find what we hope it fulfills, this case will also be resolved and victims compensated for Poloniex's reputation. However, it is also a lesson for other users about managing their own assets.

Yes and more professional ones. This happened due to a low security network of Poloniex. Probably they need to have more security protocols and not only them but a lot of exchange like Binance Kucoin, which is targeted by hackers. Obviously this is not new but considering the news it will have a great impact on market situation.

They are doing what some big Blockchain proposed to their hackers when hot hacked. This isn't new as this is still the simplest way to approach an hacker.

Considering if it was not an internal problem. I feel this can become a big issue if not taken care soon. One of the biggest reason why everyone uses Tron Blockchain is explained below.

1.Tron is fast and reliable.
2.Transaction fees are the lowest.
3. Stable transaction fee.

What do you think ?

It was HTX last time and now another exchange has now been hit. I have always ask this question; tho, not on this platform, that " what are some exchanges doing right (Bitget, Kraken, MEXC and a few others) to stay free of these security exploit incidence? can't other exchanges collaborate with some of these exchanges to strengthen there security?

Despite the fact that I also feel collaboration and more investment in security could be the way forward,  white hat bonus payment should also be discouraged cos it's one of the reasons hacking have become a tradition in this crypto space.

Some projects lost even more money than this due to hacks and exploits. It is a well known exchange but not as big as binance or coinbase so i am not expecting a big impact on the overall market. But after so much positive news and mini altseason for the past few days a incedient like this can be a warning for those who think bull season has started. 

Many think it will heavily impact Justin Sun and the tron network but as i can see he is the owner of lots of other projects in the tron ecosystem and tron is also one of the biggest networks in TVL. So it is just a matter of time for justin sun to recover from this loss. We need to see how quickly he can manage to relaunch the exchange again.

This always happens to Justin Sun. His services get hacked, and he posts a "bounty" to try to convince the hackers to bring it back.

He's not seeing those coins again.

Not the best time to happen but at least Poloniex assured its users that they will reimburse users that are affected, actually the 5% whitehat bug bounty is specifically for the hackers just to return the funds they are not looking for white hat hackers, if hackers is good in making that fund untraceable I don't think he will take a bite on that 5% but if he wants to keep it safe he might send back the funds and keep the 5% bug bounty.

Offering bug bounty exchanges just encourages hacking but what if hackers offer a deal of 15% or even higher will Poloniex take the deal, we will see in the coming days if hackers agree to take the 5% bounty and return the fund or challenge the authority to chase them and prosecute them.

I think the offer is fair enough if the hackers are willing to return the what's stolen. HTX proposed similar offer when they were hacked. Tho, they also proposed giving the hacker a job as 'security white hat adviser ' and the stolen assets were refunded.

I hope the hackers refunds the stolen assets this time around cos the amount involved is huge compared to that of HTX.

TRX and USDD have nothing to do with the hack, so it does not significantly get affected, even though the exchange owner is the developer of the token.


Yes, due to the nature of their centralization process, they need regulation to force themselves to invest more in security. Besides hacks, transparency and accountability of the exchange funds are also worth considering, noting the FTX issues. But specifically about security, yes, since they handle users' money, they should take security as the main priority. Unfortunately, we are aware that many hacks happened both to DeFi and centralized exchange, but it shows they haven't made it into their top urgency.

The hackers obviously will have a hard time liquidating those coins but I don't think they just gonna let the opportunity slide and take that 5% reward from Poloniex rather they wait for the right time to totally steal those coins. This is not good news for the crypto community since bitcoin price is slightly increasing these days and I doubt it will gonna continue because of this hacking incident once again. Exchanges should really quit if they cannot secure their platforms because they just compromise their users every time they get hacked and lose the funds of their users.

We all know, that comparing Poloniex with other exchange have better security.

But still, there is some chance of getting hacked, because hackers cannot attack the network what they can do is attack the platform especially (exchange). IMO, better educated our self (Never trust anything, even the platform offering you with high security).

Never hold on exchange.

Yes, a new hack and thanks for the clarification of the Bounty

It happens rarely and if people who hack money has good intentions then they will not really target a private so I don't think the user who hacked money will be tempted by offer but the exchange can be more generous and offer a work contract too so that they can convince the users that they assept their security flaw and willing to rectify it no matter what.

I agree about the tokens explanation, but we also know that people might fud because "oh Poloniex is from Justin Sun and TRX was created by him it might collapse like FTX" You know shit like that

In terms of security, it worries me the lack of White Ethical Hacking departments that the projects Have, Exchanges and DeFI mostly. I mean I have some contacts in some CEX and I search often on CryptoJobList and Ethical hackers are not searched. A good example is a fellow Argentinean who found a massive breach on Curve and he retrieved the money back (Thankfully). The reserves Aspect is another important aspect, If I want to invest heavily in a CEX I look at how much is on BTC and Stablecoins (I know stable coins are not a guarantee of safeness or transparency but in a crash they are not that critically affected.... if the project or team behind it is honest)

I don't know, money from huge heists is hard to launder, and $3M risk free money must sound appealing. But i don't understand why anyone would believe it's not a trap.
That contract wouldn't be binded by law, and paper contract like that would be laughed out from any court if the criminal decides to take it.

Why would they give hacker anything after that? They would take the money and try to hand the hacker to police.

Seems like some exchanges just waiting a security breach before they step up with high level of security to protect investors funds. Anyways, Justin already said all affected users will be fully refunded so kp worries. However, it is still a thing of concern when an exchange which is supposed to have the highest level of security is easily breached and funds get stolen.

Why are these platforms easily hacked? 500 million is not a small amount that one hacker may be able to collect, even if he gets 5%, it is enough to live well in many countries of the world. I wonder how such platforms can not have an advanced security team.


Tron's transaction fees are not the cheapest and are increasing day by day. I paid about $20 to complete the last 20 transactions, with an average of $1 per transaction. These fees are enough to conduct 10,000 transactions on the MATIC network.

I kind of wonder how this relates to tron blockchain in any way and why you just included this in you reply on this discussions knowing fully well that the topic is about Poloniex exchange and not some blockchian related thread so I kind of get confused,  and to make matter worst,  you did not mention anything like self custody as one of the feature of from blockcain,  in the sense that users of any tron based exchange can hold custody of their coins and this prevent them form getting stolen by hackers at some point and so also we have to look at what make this features so unique and an additions to the many security problems that we may have with some of the exchanges or other platforms that act as third parties custodians.

Although most of the exchanges already have what they call safu, which is a refund insurance against such hacks and other security incidents that may happen in the exchange,  the team will make a 100% refund but then there is still a need to improve.

Are you talking about the one that happened last 2014?

it makes you think what kind of developments they have made since if even after 9 years later they got hacked again

i read that Poloniex didn’t have an exploit detection tool which could have helped them save over USD 45M
(https://cryptomaton.medium.com/poloniex-crypto-exchange-just-hacked-for-over-114-million-a-post-mortem-2484f8811b8a)

Yes, they are not bound by contract but its a grey area, and if the exchange use this offer as bait then surely it will backfire at them and assuming they got the hacker by tempting then surely someone from hacking community will do something for that and its known fact that hacking community can even break the most secured websites like intelligence and others to prove that they are not.

They need to put it up at most times about these bounties for the possible security breach that a hacker may find on their system.

It's going to give the idea for that hacker that he can earn from that exploit and at the same time, he'll help the exchange. But this is all for the white and gray hat hackers.

We have to deal with these hacks and we also need to remember that every exchange can be hacked, that's why bounties like this should be like forever.

Because even known websites have a continuous bounty program for potential security breaches or holes.

I think it was still not clear if it's just $60M but potentially it could be even worse to $100M hack. I don't know if this is just for publicity stake but Poloniex has never made any headline recently but hoping that they'll get it. The whole crypto needs development and yes it's still in infancy stages so it really need one

Getting hacked once is all right. Everyone does mistakes.
But twice? In less than 10 years?
I mean, it's a critical field, security should be the top priority. How come you be hacked twice in 10 years?

Right, the thing is that this is not the first time that they have been hack so obviously they didn't learn anything from the past and maybe they are just relaxed thinking that they could not be a target anymore. But there are a lot of groups even state sponsored hackers plying in the ecosystem. And one they case you, it will be just a matter of time before they hack the exchange in whichever means possible.

Not sure though what is the impact in the market situation. We didn't see any major downside on any top tier coins right now. So perhaps this is just a non factor and only Poloniex and it's customers and Justin are being affected. Hopefully the funds are SAFU so that those who lost their money can get it back at least.

I am not surprised. This is ultimately the never-ending weakness of centralized exchanges. Of course, DeFi can be hacked as well, but leaving your wallet in the hands of a single entity is not really a better alternative. This time, Poloniex will pay the victims back, or so they say. But one day, a big enough hack could happen and nobody from Poloniex is getting their money back.

Keep your coins in your own wallets. Thats really the best option to minimize the risks.

This is not the first time that this exchanged was hacked if I’m not mistaken and I’m really curious how much the security of this exchange because they become a victim again of the hackers. Most probably there’s an inside job here and that exchange should do their best to prevent this from happening again and assure their users that the site is still safe. Well, its not advisable to store your crypto on any exchanges at all, learn from this hacking incidents and save your crypto.

Not really new on which this isnt really just that limited on Poloniex when it comes to exchange hacks on which it could really be possibly to happen knowing that these place or platforms are
just like honeyspots for hackers knowing that this one involved millions of USD once they would really be able to breach out. If they've been able to experience hack in the past and now we are seeing  the same thing
then this solidly indicates that their security is simply shit. People who do make use or make those considerations are really that too dumb on trusting them again.
Remembering the days where Poloniex is indeed the best exchange platform out there before Binance come out.

Security breach kind issues in exchange platforms turns out to be not that shocking. They should really be putting that emphasis or focus that much when it comes to security
because you dont know on when those hackers would really be trying out to attack. COmpensation or 5% bounty? thats hell of a lot thing
but of course they would really be willing on giving out such amount just for that trace up.

It appears that some cryptocurrency exchanges are viewing each other as competitors rather than business partners. This could make it difficult for them to work together to protect each other's interests in terms of security. For example, Bitget you mentioned above once partnered with COBO Superloop, an off-exchange digital asset custody provider, to ensure that their users' funds are safely stored offline. This could be an effective security measure that other exchanges could adopt, but it is unclear how they choose to operate differently.

Why did they looking for whitehat hackers? They don't have any white hat hackers before?
It's pretty bad they already hacked in the past and now they still haven't hired any expert to protect their exchange?

What I see here is another inside job they already get enough funds to hold for the next block halving and make a profit and they are going to wait again until the price of BTC massively drops below $20k.

I had funds on Poloniex before they never sent my coins back to my wallet accessing my account again with zero balance. I never trust them because I know they are going to do this again and now it happens again just like what other exchanges or other businesses do they come back and run again(hit and run).

Exchanges treat each other as competitors as that is exactly what they are, while an exchange getting hacked is bad for the credibility of this market as a whole, and it is not something we want to see, for a competitor exchange hearing about a rival exchange getting hacked is in fact a good news.

Since on the short term people will decide to avoid that exchange and they will have the chance to gain those clients, so exchanges do not have too much of a reason to support each other on their efforts to improve their security as a whole.

This is well explained. So all Exchanges mind their own business and if they care enough for the user's safety on their Platform, they'll on their own look for ways to boost their Exchange security. So I would say it's not wise waiting to be hacked before looking for white hackers to help see to getting funds back. Why not bankroll a number of them, as well as implement other optimized security techniques.

Indeed competition, but I guess the exchanges in come way know that if others keep falling is not good for them in the long term. On the other hand, CEX as DeFI should look at what types of attacks and hacking happened to keep an eye on how to avoid it in the past. Hacking will happen always it will never fade.

PD: Again a white ethical hacking is mandatory for any project as well as a good Lawyer one for any financial company

The fact that two of Justin Sun's products — poloniex and Houbi exchange have had security breaches which isn't pleasant to hear. If I was a user of any of these exchanges, I doubt that I would want to try out any of Justin powered operations in the near future as these hacks that all occurred in the same year is a testament of how serious their security game — I know the security game is hard and no system is 100% safe from hack but still, if it's too easy, that's a problem for users. They might refund affected users but there's a point they can't refund if it becomes a normal occurrence.

This is a huge one, but it also begs the question, how did 60 million dollars was at a place that was easily accessible by a hacker. I mean there shouldn't be that much money in the hot wallet, which means that its going to be a tough pill to swallow for them but something they could learn from.

A 5% return would be 3 million dollars, and the yare not like asking it to people, they are asking the person who stole the money to bring it back. So, you either get 3 million clean money, or you get 60 million dirty money.

Anyone who has gone enough far to just hack it on an exchange and steal 60 million dollars would be a black hat hacker anyway and I do not see them giving that much money away to clear their name and give 57 back. That should be a priority of them to offer a bounty like that before any of this happens, so people could show them what's wrong, if you do not do that then you are going to get attacked by people. At least they learned a very expensive lesson, if they survive this then they should be able to protect their money better.

It is not the first time this has happened, fortunately poloniex will compensate the users involved, they should invest more in security measures, no exchange is 100% safe

Hacking cryptocurrency exchanges isn't something new; even top security exchange Binance gets hacked sometimes. No doubt, Exchange should focus on finding a security solution to prevent scams. But the problem is that hackers always try to break exchange security. When exchanges improve their security, hackers will find something to break it. So it's better to implement our own security system, I mean secure our funds. I am talking about don't store cryptocurrency in exchange. When you buy something, just move it into a non-custodial or hardware wallet. So it doesn't affect us when centralised exchanges get hacked.

As you have said truly no exchange is beyond hack but in the past I think I have heard about poloniex hack , happening again means they’ve got a weak security. Handling our assets they should tighten security am sure hackers will be targeting other cex like binance or even Bitget but seems unsuccessful coz they have tight security

Please is this a new hack? I thought they were recently hacked and the hacker agreed to the 5%bounty. This hacking is just getting too much

This is the right approach but investors rarely listen, after all even if the security exchanges can implement is superior to what a person can do on their own, at the same time the intensity of the attacks that we will have to face is way lower compared to the constant attacks exchanges are subject to.

So by simply becoming smaller and less profitable targets we can avoid a great deal of the hackers out there, unfortunately there are many holders that prefer to keep their coins at exchanges and risk losing their coins this way.

It's a new hack... I guess. This article has been posted a few days ago: LINK (https://www.fxstreet.com/cryptocurrencies/news/crypto-exchange-poloniex-hack-leads-to-60-million-in-assets-stolen-peckshield-says-202311101206#:~:text=Cryptos%20%7C%2011%2F10%2F2023%2012%3A06%3A00%20GMT%20Tron%20founder%20Justin,seven%20days%2C%20post%20which%20authorities%20would%20be%20involved.)
What's good right now is that, the exchange resume their withdrawals already after what happened to them: LINK (https://cointelegraph.com/news/poloniex-resumes-withdrawals-hack). You see it too much? It means one thing, and that is "THEIR SECURITY IS WEAK." They are focusing more on the marketing rather than the security of their own exchange.

Poloniex is one of the exchange that I've seen when I was starting in crypto in 2017 aside from Bittrex. It being hacked just shows that their security is weak to the point that they can get hacked that easily. They need to develop... or I should say focus more on the security of the exchange or else this might happen again, and again.

Hackings happening here and there just shows that the security of these Centralized Exchanges are weak. I guess it's a good thing that they are reimbursing it. Well, it's their fault after all so it's their responsibility. Hackings always happen that it came to a point that we see it as a normal thing already. More of these in the future. :)

it's not like that a new hacked in crypto currencies, i think poloniex hacked amount is over 60 millions usd,we know binance is also hacked in several times,
hacker try to find out any error/weak point in such exchanges then attacked.
i'm using hardware wallet to keep safe my coins because it's big risks to holding altcoins in exchanges,

I think if someone can take it, it can be frozen because CEX can mark the address that made the withdrawal.
If indeed they give a bounty to whoever can find it, maybe they can't do what I mentioned before, or is this just a drama to manipulate the market.

I think hackers are not stupid enough to use CEX, while they can easily exchange their coins using decentralized exchanges.
Such hacks of cryptocurrency exchanges once again give us a lesson that not everyone has yet learned - keep only the necessary minimum on the exchange, which is necessary for trading.

If you're asking if there's someone who's a white hat hacker here or any color variant of it, are you expecting that someone's going to outright answer you that they are? Because I don't think that a real hacker will reveal himself even on the forum or if they do, they're going to do that to actual hacking forums that there have been a lot of it existing on surface and deep web. Usually the ones that are on the surface web could be script kiddies, etc. and the real ones won't speak that much whether on a private or online forum.

I will be honest I never even knew that poloniex was even still operating lol.  I used to use them a long time ago and it was a pretty good exchange.  Do they even still operate in the US?  But on this note why do people keep.their crypto on exchanges?  Seriously will people ever learn?  It's not a wallet amd shouldn't be treated as such otherwise you will inevitably lose your money.

Binance was one of the strong exchanges I have seen that was able to stand strong and never crashed just like many that crashed because of being hacked. I think exchanges supposed to have other plans or insurance in case they got hacked. There are many ways exchanges can prevent severe hack that would affect their company but many would never have a second plan for customers funds and would rather prefer to crashout so that investors would have no option than to forget about their funds.

Many don’t remember this but they were actually hacked before. I think it was in 2013 and it was before I even used the exchange. A bunch of coins were stolen and they had to do a haircut for everyone’s balance. It was so long ago, most people don’t remember or are new to crypto.

The fact that they got hacked this day and age is crazy. Especially with what happened last year with Ftx. Hopefully all users will be reimbursed.

We have many hacks since the start of the Crypto world now we can recently CoinEx exchange hack and this which you have mentioned.
And this is a new thing for me  and also good to see that they are offering a reward to hackers who can help find problems and make their security better.
I think that exchanges and DeFi platforms need to keep improving their security. As the cryptocurrency industry is growing hackers are getting smarter. Platforms should stay updated by adding strong protection and updating their security measures.
All the projects in crypto should make security a priority and should find new ways to protect users. If they will do this they will make trustworthy users and get more people to use it. This will make the whole system safer and stronger.

Not only hackers are getting more capable, we must also understand that as this market has become bigger the attention of more talented and skilled hackers have become set on this market.

And this can be a real problem for exchanges, because as much as they want to protect their customers, hackers have all the time in the world to infiltrate them and look for any vulnerability, and as soon as they find one then they can take advantage of it and steal tens of millions of dollars with ease.