 Show Posts
|
|
Pages: [1] 2 »
|
|
Hi guys, just to give you more information, I don't have any information how someone got into my account. If you read the news story it tells how the guys who are now indicted in the US carried out the attack. Poloniex recognises the attack on my account. Please see the last email from pooniex below, its been goin on for 3 years now and they have still not fully investigated it: email from poloniex below:
Hi,
Thanks for the message, we can see that the original attack on your account with the bad trades had occurred around 6th June 2017,
Please allow us time to review the information and conduct an investigation after which we can get back to you should we recover any assets on the attacker account.
We appreciate your patience in the meantime.
- Poloniex
|
|
|
|
Hi, My coins were traded away by someone hacking into my account and trading the coins against himself. You can find the full story here https://bitcointalk.org/index.php?topic=1988476.msg19800513#msg19800513Since then, I had raised a ticked and also reported it to the police here in the UK. The ActionFraud Police (National Fraud & Cyber Crime Reporting Centre) have been trying to contact poloniex but they have not been responding. Poloniex have since stopped responding to me as well from the time I asked them for contact details for the police to contact them. I had lost coins in access of $17000 which is a lot of money to me. All, can you please suggest what is the best course of action now, Poloniex is not responding. Thanks in advance, Arsat |
|
|
|
Thank you for getting in touch and please accept my apologies for the delay with this update. I am very sorry but your account was compromised through your login credentials and the attacker traded on other markets with your funds. Unfortunately as you did not have 2FA enabled, these credentials were all the attacker required to be able to access your account. We would like you to know that we are still investigating this very complex issue and there is a remote possibility that some of the stolen funds can be recovered. We will do our best however there is no guarantee that this will be successful. I am sorry again to hear that this unfortunate situation has occurred, however we would also like to advise you to please be very careful in the future with your operational security. Never use the same password on different sites, keep your email account and Poloniex account secured with 2FA and do not download any software to the computer you are handling your trading accounts with unless you are ABSOLUTELY sure it is safe. Sincerely, Poloniex Support Team Ticket: https://poloniex.freshdesk.com/helpdesk/tickets/298363this is what i got in reply from poloniex after 40 days. My account is hacked almost in similar way,others have mentioned. going through the google searches , i found that these kind of "hack & unauthorized trades"
happened in almost all of the cases between may to july end. now there is no reporting of cases like this . neither there was any before may. i seriously doubt it's an organized hack with the involvement of some insiderDid they manage to recover any of the funds for you? they have stopped responding to me! |
|
|
|
Does anyone know the contact details for Poloniex, I have involved the law enforcement agency in the UK and they are having trouble finding their contact details!
Easy to find with google: Poloniex, LLC 1013 Centre Road Suite 403-B Wilmington, DE 19801 Founder is Mr Tristan D'agosta Thanks mate, is there an email address for them for the Action Fraud to contact them? |
|
|
|
|
Does anyone know the contact details for Poloniex, I have involved the law enforcement agency in the UK and they are having trouble finding their contact details!
|
|
|
|
My chain of communication with Poloniex
----------------------------------------------------------------------------------------------- Hi xxxx, I am very sorry that this has happened to you, however we have not had any breach of security on our side and this incident is specific to your individual account. We can not be held responsible for any breach where the attacker has used your login details to gain access to your account. Your greatest risk is an account breach due to your login credentials being stolen through phishing or social engineering, which is most likely the case here. This is why it is so important to have 2FA enabled on your account. Also critical: the email address the account is registered under needs to be carefully protected as well, including a unique password and 2FA. Ideally, these accounts should be accessed either from a dedicated computer or a computer that is used for as little else as possible. Any sort of remote access software, such as Team Viewer or VNC, should be completely removed. It is not possible to reverse trades and if the funds have already since left our system/been withdrawn then unfortunately they will be gone forever due to the nature of blockchain technology. Our compliance team are investigating this particular matter however and if it surfaces that we can recover any or all of your funds then we would indeed inform you of this in due course. Thank you for understanding. Best regards, Kevin Poloniex Support Ticket: https://poloniex.freshdesk.com/helpdesk/tickets/271818B xxxx, said 4 days ago Thanks Kevin, Please let me know how long will it take for your compliance team to investigate this particular matter. Also please send me the evidence of who traded against me (the thief) and the evidence if the funds have since left the system. And if the funds have not left the exchange have you made any effort to block the thief's account and recover my funds. I would need all that information in the legal proceedings to follow. I did not have any security breach at my end and all my passwords Were secure. At the end of the day I have been a victim of a crime and exchange should do all it can to recover funds. Thanks, xxx K Kevin, said 4 days ago Hi xxx, First of all, your account details were not leaked by us. We have never had any data breach on our system. This has arisen from the attacker knowing your login details, most likely due to phishing or social engineering, or possibly even something so simple as a malicious browser extension. With regards to your request, unfortunately we cannot disclose details of an account to a 3rd party without a subpoena from law enforcement. Best regards, Kevin Poloniex Support thats completely and utterly bulls"it, they have the power to freeze any account they like and they can easily track down who's account was doing this and freeze it, it seems to me they don't care about what this hacker is doing. Thats true, I sent them a screen shot of trading graph and exact time of the attack, on the very illiquid pair. They still have not investigated this from the looks of it! totally outrageous its beyond a joke. I've just updated my ticket to tell them my password was one of a kind, never used anywhere else, i never give my password to anyone, don't write it down anywhere, and Is used on a secure devise. if they was to actually bother they could freeze his/her account and recover the funds, they just can't be bothered. i still think these exchanges should insure everyones funds for such things, i would happily pay a monthly fee if they did such thing. Do you think we should start a legal action? I have lost a lot because of this i am from the U.K if you're also from U.K, i would defiantly be interested in starting legal action with you, i have also lost a lot due to this and its set me back a bit. Yes, I am based in the UK as well, based in London, which city are you located in? Okay thats great! we should be able to set something legal up, i am based in Hampshire a few hours away Cool lets PM, Anyone else in the region been a victim, the more the merrier, we could all join hands to start the legal proceedings Any updates? Maybe some victims from US, can make collective lawsuit in local court against Poloniex? Indeed, please PM me if you want to join in, I will be starting legal action soon |
|
|
|
The exact same thing happen to me yesterday. Around 5000 EUR was drained out of my account.
First everything was transferred to BTC->XMR and afterwards traded on pairs with almost no liquidity.
I was completely sure my account was secure. Still have no idea how someone could access my password.
It doesn't help that Poloniex requires you to click a link in an email to withdraw. This gives you a false sense of security.
I was considering this to be my 2FA and never taught about this attack vector with low liquidity pairs.
I'm sure many more people fall victim to this attack that are not posting here. It's also a bit discouraging that Poloniex doesn't show even a bit of interest in fixing or informing users that this can happen. There are many simple things that they could do, just requiring an email confirmation when you first time trade something "strange". They have insight into the whole system, fraud detection should be one of their priorities. This looks like the most common attack right now.
I was lucky as I will survive without this money, but many others could have their lives destroyed. It's also sad to see the community react in such a victim blaming way. Saying, you should have done this or you should have done that. Why are you not as smart as me? Don't keep your money on an exchange!
This is not really helping anyone. We are all humans. Sometimes we forget to set up something (I should definitely change the brake-fluid in my car) or make mistakes. Why don't we work together to try to fix problems and save others? It's not someones fault to assume he is not going to get robbed.
Many thanks mate as this was my point of the original post not to say this and that but to help, as I said earlier 2FA is not mandatory and this may exactly be the same person who has robbed me. Makes me wonder if poloniex has done anything to stop this sort of attack. I suspect they have not even looked at my case where I sent them all the evidence to block the thief's account to recover my funds, what a shame |
|
|
|
My chain of communication with Poloniex
----------------------------------------------------------------------------------------------- Hi xxxx, I am very sorry that this has happened to you, however we have not had any breach of security on our side and this incident is specific to your individual account. We can not be held responsible for any breach where the attacker has used your login details to gain access to your account. Your greatest risk is an account breach due to your login credentials being stolen through phishing or social engineering, which is most likely the case here. This is why it is so important to have 2FA enabled on your account. Also critical: the email address the account is registered under needs to be carefully protected as well, including a unique password and 2FA. Ideally, these accounts should be accessed either from a dedicated computer or a computer that is used for as little else as possible. Any sort of remote access software, such as Team Viewer or VNC, should be completely removed. It is not possible to reverse trades and if the funds have already since left our system/been withdrawn then unfortunately they will be gone forever due to the nature of blockchain technology. Our compliance team are investigating this particular matter however and if it surfaces that we can recover any or all of your funds then we would indeed inform you of this in due course. Thank you for understanding. Best regards, Kevin Poloniex Support Ticket: https://poloniex.freshdesk.com/helpdesk/tickets/271818B xxxx, said 4 days ago Thanks Kevin, Please let me know how long will it take for your compliance team to investigate this particular matter. Also please send me the evidence of who traded against me (the thief) and the evidence if the funds have since left the system. And if the funds have not left the exchange have you made any effort to block the thief's account and recover my funds. I would need all that information in the legal proceedings to follow. I did not have any security breach at my end and all my passwords Were secure. At the end of the day I have been a victim of a crime and exchange should do all it can to recover funds. Thanks, xxx K Kevin, said 4 days ago Hi xxx, First of all, your account details were not leaked by us. We have never had any data breach on our system. This has arisen from the attacker knowing your login details, most likely due to phishing or social engineering, or possibly even something so simple as a malicious browser extension. With regards to your request, unfortunately we cannot disclose details of an account to a 3rd party without a subpoena from law enforcement. Best regards, Kevin Poloniex Support thats completely and utterly bulls"it, they have the power to freeze any account they like and they can easily track down who's account was doing this and freeze it, it seems to me they don't care about what this hacker is doing. Thats true, I sent them a screen shot of trading graph and exact time of the attack, on the very illiquid pair. They still have not investigated this from the looks of it! totally outrageous its beyond a joke. I've just updated my ticket to tell them my password was one of a kind, never used anywhere else, i never give my password to anyone, don't write it down anywhere, and Is used on a secure devise. if they was to actually bother they could freeze his/her account and recover the funds, they just can't be bothered. i still think these exchanges should insure everyones funds for such things, i would happily pay a monthly fee if they did such thing. Do you think we should start a legal action? I have lost a lot because of this i am from the U.K if you're also from U.K, i would defiantly be interested in starting legal action with you, i have also lost a lot due to this and its set me back a bit. Yes, I am based in the UK as well, based in London, which city are you located in? Okay thats great! we should be able to set something legal up, i am based in Hampshire a few hours away Cool lets PM, Anyone else in the region been a victim, the more the merrier, we could all join hands to start the legal proceedings |
|
|
|
|
Cool lets PM,
Anyone else in the region been a victim, the more the merrier, we could all join hands to start the legal proceedings
|
|
|
|
My chain of communication with Poloniex
----------------------------------------------------------------------------------------------- Hi xxxx, I am very sorry that this has happened to you, however we have not had any breach of security on our side and this incident is specific to your individual account. We can not be held responsible for any breach where the attacker has used your login details to gain access to your account. Your greatest risk is an account breach due to your login credentials being stolen through phishing or social engineering, which is most likely the case here. This is why it is so important to have 2FA enabled on your account. Also critical: the email address the account is registered under needs to be carefully protected as well, including a unique password and 2FA. Ideally, these accounts should be accessed either from a dedicated computer or a computer that is used for as little else as possible. Any sort of remote access software, such as Team Viewer or VNC, should be completely removed. It is not possible to reverse trades and if the funds have already since left our system/been withdrawn then unfortunately they will be gone forever due to the nature of blockchain technology. Our compliance team are investigating this particular matter however and if it surfaces that we can recover any or all of your funds then we would indeed inform you of this in due course. Thank you for understanding. Best regards, Kevin Poloniex Support Ticket: https://poloniex.freshdesk.com/helpdesk/tickets/271818B xxxx, said 4 days ago Thanks Kevin, Please let me know how long will it take for your compliance team to investigate this particular matter. Also please send me the evidence of who traded against me (the thief) and the evidence if the funds have since left the system. And if the funds have not left the exchange have you made any effort to block the thief's account and recover my funds. I would need all that information in the legal proceedings to follow. I did not have any security breach at my end and all my passwords Were secure. At the end of the day I have been a victim of a crime and exchange should do all it can to recover funds. Thanks, xxx K Kevin, said 4 days ago Hi xxx, First of all, your account details were not leaked by us. We have never had any data breach on our system. This has arisen from the attacker knowing your login details, most likely due to phishing or social engineering, or possibly even something so simple as a malicious browser extension. With regards to your request, unfortunately we cannot disclose details of an account to a 3rd party without a subpoena from law enforcement. Best regards, Kevin Poloniex Support thats completely and utterly bulls"it, they have the power to freeze any account they like and they can easily track down who's account was doing this and freeze it, it seems to me they don't care about what this hacker is doing. Thats true, I sent them a screen shot of trading graph and exact time of the attack, on the very illiquid pair. They still have not investigated this from the looks of it! totally outrageous its beyond a joke. I've just updated my ticket to tell them my password was one of a kind, never used anywhere else, i never give my password to anyone, don't write it down anywhere, and Is used on a secure devise. if they was to actually bother they could freeze his/her account and recover the funds, they just can't be bothered. i still think these exchanges should insure everyones funds for such things, i would happily pay a monthly fee if they did such thing. Do you think we should start a legal action? I have lost a lot because of this i am from the U.K if you're also from U.K, i would defiantly be interested in starting legal action with you, i have also lost a lot due to this and its set me back a bit. Yes, I am based in the UK as well, based in London, which city are you located in? |
|
|
|
My chain of communication with Poloniex
----------------------------------------------------------------------------------------------- Hi xxxx, I am very sorry that this has happened to you, however we have not had any breach of security on our side and this incident is specific to your individual account. We can not be held responsible for any breach where the attacker has used your login details to gain access to your account. Your greatest risk is an account breach due to your login credentials being stolen through phishing or social engineering, which is most likely the case here. This is why it is so important to have 2FA enabled on your account. Also critical: the email address the account is registered under needs to be carefully protected as well, including a unique password and 2FA. Ideally, these accounts should be accessed either from a dedicated computer or a computer that is used for as little else as possible. Any sort of remote access software, such as Team Viewer or VNC, should be completely removed. It is not possible to reverse trades and if the funds have already since left our system/been withdrawn then unfortunately they will be gone forever due to the nature of blockchain technology. Our compliance team are investigating this particular matter however and if it surfaces that we can recover any or all of your funds then we would indeed inform you of this in due course. Thank you for understanding. Best regards, Kevin Poloniex Support Ticket: https://poloniex.freshdesk.com/helpdesk/tickets/271818B xxxx, said 4 days ago Thanks Kevin, Please let me know how long will it take for your compliance team to investigate this particular matter. Also please send me the evidence of who traded against me (the thief) and the evidence if the funds have since left the system. And if the funds have not left the exchange have you made any effort to block the thief's account and recover my funds. I would need all that information in the legal proceedings to follow. I did not have any security breach at my end and all my passwords Were secure. At the end of the day I have been a victim of a crime and exchange should do all it can to recover funds. Thanks, xxx K Kevin, said 4 days ago Hi xxx, First of all, your account details were not leaked by us. We have never had any data breach on our system. This has arisen from the attacker knowing your login details, most likely due to phishing or social engineering, or possibly even something so simple as a malicious browser extension. With regards to your request, unfortunately we cannot disclose details of an account to a 3rd party without a subpoena from law enforcement. Best regards, Kevin Poloniex Support thats completely and utterly bulls"it, they have the power to freeze any account they like and they can easily track down who's account was doing this and freeze it, it seems to me they don't care about what this hacker is doing. Thats true, I sent them a screen shot of trading graph and exact time of the attack, on the very illiquid pair. They still have not investigated this from the looks of it! totally outrageous its beyond a joke. I've just updated my ticket to tell them my password was one of a kind, never used anywhere else, i never give my password to anyone, don't write it down anywhere, and Is used on a secure devise. if they was to actually bother they could freeze his/her account and recover the funds, they just can't be bothered. i still think these exchanges should insure everyones funds for such things, i would happily pay a monthly fee if they did such thing. Do you think we should start a legal action? I have lost a lot because of this You need to report it to the police (you should have done this straight way). They are the only ones able to compel Polo to release the details of the person who traded against you, and to pursue the other trader for the funds (and try them in court). It's no good suing Polo - they can prove you didn't have 2fa, and therefore they are not liable (especially as the terms and conditions when you signed up probably say something to the effect thay you are responsible for making sure your passwords are not stolen. I did report it to police straight away, though police has done nothing yet, I do not think police even understands the complexity of the issue |
|
|
|
My chain of communication with Poloniex
----------------------------------------------------------------------------------------------- Hi xxxx, I am very sorry that this has happened to you, however we have not had any breach of security on our side and this incident is specific to your individual account. We can not be held responsible for any breach where the attacker has used your login details to gain access to your account. Your greatest risk is an account breach due to your login credentials being stolen through phishing or social engineering, which is most likely the case here. This is why it is so important to have 2FA enabled on your account. Also critical: the email address the account is registered under needs to be carefully protected as well, including a unique password and 2FA. Ideally, these accounts should be accessed either from a dedicated computer or a computer that is used for as little else as possible. Any sort of remote access software, such as Team Viewer or VNC, should be completely removed. It is not possible to reverse trades and if the funds have already since left our system/been withdrawn then unfortunately they will be gone forever due to the nature of blockchain technology. Our compliance team are investigating this particular matter however and if it surfaces that we can recover any or all of your funds then we would indeed inform you of this in due course. Thank you for understanding. Best regards, Kevin Poloniex Support Ticket: https://poloniex.freshdesk.com/helpdesk/tickets/271818B xxxx, said 4 days ago Thanks Kevin, Please let me know how long will it take for your compliance team to investigate this particular matter. Also please send me the evidence of who traded against me (the thief) and the evidence if the funds have since left the system. And if the funds have not left the exchange have you made any effort to block the thief's account and recover my funds. I would need all that information in the legal proceedings to follow. I did not have any security breach at my end and all my passwords Were secure. At the end of the day I have been a victim of a crime and exchange should do all it can to recover funds. Thanks, xxx K Kevin, said 4 days ago Hi xxx, First of all, your account details were not leaked by us. We have never had any data breach on our system. This has arisen from the attacker knowing your login details, most likely due to phishing or social engineering, or possibly even something so simple as a malicious browser extension. With regards to your request, unfortunately we cannot disclose details of an account to a 3rd party without a subpoena from law enforcement. Best regards, Kevin Poloniex Support thats completely and utterly bulls"it, they have the power to freeze any account they like and they can easily track down who's account was doing this and freeze it, it seems to me they don't care about what this hacker is doing. Thats true, I sent them a screen shot of trading graph and exact time of the attack, on the very illiquid pair. They still have not investigated this from the looks of it! totally outrageous its beyond a joke. I've just updated my ticket to tell them my password was one of a kind, never used anywhere else, i never give my password to anyone, don't write it down anywhere, and Is used on a secure devise. if they was to actually bother they could freeze his/her account and recover the funds, they just can't be bothered. i still think these exchanges should insure everyones funds for such things, i would happily pay a monthly fee if they did such thing. Do you think we should start a legal action? I have lost a lot because of this |
|
|
|
My chain of communication with Poloniex
----------------------------------------------------------------------------------------------- Hi xxxx, I am very sorry that this has happened to you, however we have not had any breach of security on our side and this incident is specific to your individual account. We can not be held responsible for any breach where the attacker has used your login details to gain access to your account. Your greatest risk is an account breach due to your login credentials being stolen through phishing or social engineering, which is most likely the case here. This is why it is so important to have 2FA enabled on your account. Also critical: the email address the account is registered under needs to be carefully protected as well, including a unique password and 2FA. Ideally, these accounts should be accessed either from a dedicated computer or a computer that is used for as little else as possible. Any sort of remote access software, such as Team Viewer or VNC, should be completely removed. It is not possible to reverse trades and if the funds have already since left our system/been withdrawn then unfortunately they will be gone forever due to the nature of blockchain technology. Our compliance team are investigating this particular matter however and if it surfaces that we can recover any or all of your funds then we would indeed inform you of this in due course. Thank you for understanding. Best regards, Kevin Poloniex Support Ticket: https://poloniex.freshdesk.com/helpdesk/tickets/271818B xxxx, said 4 days ago Thanks Kevin, Please let me know how long will it take for your compliance team to investigate this particular matter. Also please send me the evidence of who traded against me (the thief) and the evidence if the funds have since left the system. And if the funds have not left the exchange have you made any effort to block the thief's account and recover my funds. I would need all that information in the legal proceedings to follow. I did not have any security breach at my end and all my passwords Were secure. At the end of the day I have been a victim of a crime and exchange should do all it can to recover funds. Thanks, xxx K Kevin, said 4 days ago Hi xxx, First of all, your account details were not leaked by us. We have never had any data breach on our system. This has arisen from the attacker knowing your login details, most likely due to phishing or social engineering, or possibly even something so simple as a malicious browser extension. With regards to your request, unfortunately we cannot disclose details of an account to a 3rd party without a subpoena from law enforcement. Best regards, Kevin Poloniex Support thats completely and utterly bulls"it, they have the power to freeze any account they like and they can easily track down who's account was doing this and freeze it, it seems to me they don't care about what this hacker is doing. Thats true, I sent them a screen shot of trading graph and exact time of the attack, on the very illiquid pair. They still have not investigated this from the looks of it! totally outrageous |
|
|
|
My chain of communication with Poloniex
----------------------------------------------------------------------------------------------- Hi xxxx, I am very sorry that this has happened to you, however we have not had any breach of security on our side and this incident is specific to your individual account. We can not be held responsible for any breach where the attacker has used your login details to gain access to your account. Your greatest risk is an account breach due to your login credentials being stolen through phishing or social engineering, which is most likely the case here. This is why it is so important to have 2FA enabled on your account. Also critical: the email address the account is registered under needs to be carefully protected as well, including a unique password and 2FA. Ideally, these accounts should be accessed either from a dedicated computer or a computer that is used for as little else as possible. Any sort of remote access software, such as Team Viewer or VNC, should be completely removed. It is not possible to reverse trades and if the funds have already since left our system/been withdrawn then unfortunately they will be gone forever due to the nature of blockchain technology. Our compliance team are investigating this particular matter however and if it surfaces that we can recover any or all of your funds then we would indeed inform you of this in due course. Thank you for understanding. Best regards, Kevin Poloniex Support Ticket: https://poloniex.freshdesk.com/helpdesk/tickets/271818B xxxx, said 4 days ago Thanks Kevin, Please let me know how long will it take for your compliance team to investigate this particular matter. Also please send me the evidence of who traded against me (the thief) and the evidence if the funds have since left the system. And if the funds have not left the exchange have you made any effort to block the thief's account and recover my funds. I would need all that information in the legal proceedings to follow. I did not have any security breach at my end and all my passwords Were secure. At the end of the day I have been a victim of a crime and exchange should do all it can to recover funds. Thanks, xxx K Kevin, said 4 days ago Hi xxx, First of all, your account details were not leaked by us. We have never had any data breach on our system. This has arisen from the attacker knowing your login details, most likely due to phishing or social engineering, or possibly even something so simple as a malicious browser extension. With regards to your request, unfortunately we cannot disclose details of an account to a 3rd party without a subpoena from law enforcement. Best regards, Kevin Poloniex Support
|
|
|
|
|
Guys just to update, Poloniex has not gotten back to me despite several emails and tickets. I am thinking of filing a lawsuit
I have seen many being in the same boat, please respond below if you want to join me in this
|
|
|
|
|
Thanks, I am thinking of taking some legal action, problem is i am based in London and all my savings (17000) is gone
|
|
|
|
My working theory is that the attackers hacked polo, got a list of non 2fa, then went manually through them alphabetical.
The hacker has been able to do this for atleast a month and a half.
The hacker drained my account nearly exactly like yours by setting counter trades.
Yes polo should be able to track this, have they made any effort to call in authorities? I doubt it.
Hence, I believe they should be opened to a lawsuit.
No, they have not made any effort or gotten back to me yet, I have been constatnly sending them emails, and raised a ticked 4 days ago! |
|
|
|
In my case ,at the end of May, I booted fresh from a livelinux CD and used a new email address. The only thing I did different was I had to contact their help desk.
So I'm not sure how my account was compromised then.
Also my compromised account started with an A, so I assume hacker got access to polo database an went alphabetical.
Op did you previously contact the polo help desk for anything.
Also what letter did your account begin with?
My Account started with A as well (we may be on to something here)!! but not, I did not contact their help desk at all before that, Did you see any unauthorized activity on your account? |
|
|
|
Sorry about your loss, but the money is gone. You will not be able to recover it as I suspect its already off poloniex and has been mixed.
But poloniex was the custodian of my coins, someone hacked at stole my coins, they should compensate me right |
|
|
|
|
