Bitcoin Forum
Topic: Why you should always restrict API access by IP
pornluver (OP)
April 29, 2019, 05:02:11 PM
 #1

I have 2 APIs in my Poloniex account. One is cryptolend and another is what I used.

Both can trade.

One day 1.5 bitcoin was gone from my account. Why? A hacker used one of the IP to make losing trades. Similar hacks in Poloniex are plenty.

Poloniex does not want to tell me which API is used.

I do not think it's the API I set for cryptolend but can't rule them out.

What is cryptolend IP?

We need to restrict API only on cryptolend API
BitMaxz
April 29, 2019, 05:27:34 PM
Last edit: April 29, 2019, 06:13:47 PM by BitMaxz
 #2

It's a well-known issue on Poloniex; many users have experienced the same thing before, but I don't think it is because of the API.

Let me ask, what software do you use to put the Poloniex API in?
Maybe someone can remote into your PC or someone has access to your email so that the hacker is able to disable the Poloniex IP restriction.

Did you add 2nd factor authentication?

If your account is fully protected with 2FA and you are sure no one could access your email, maybe it is a Poloniex issue or a bug, or they stole your bitcoin (possible). It's a known issue from before; that is why I stopped using their service.

Quote
What is cryptolend IP?

That's a big problem because you use a 3rd party (cryptolend) connected to your account?
I don't know what their IP is, but try to ask Poloniex if they have an IP record when using the API.

roosbit
May 08, 2019, 01:27:42 PM
 #3

How do these guys get your IP in the first place??

Was reading something similar just today of Binance being hacked in a similar fashion....

The exchange lost over 40 million dollars, you can read article »» https://coinfomania.com/binance-hack-7000btc-security-breach/
Kemarit
May 16, 2019, 01:45:24 PM
 #4

How do these guys get your IP in the first place??

Those hackers are intelligent; if they can get through your system then obviously they will have the ability to steal your IP addresses.

Was reading something similar just today of Binance being hacked in a similar fashion....

The exchange lost over 40 million dollars, you can read article »» https://coinfomania.com/binance-hack-7000btc-security-breach/

Yes, it's been a week already. The hackers used sophisticated ways of hacking, like phishing and spreading malware; that's why the hackers were able to harvest lots of Binance accounts. They were able to get API keys, Google Authentications and 2FAs.

As for the OP's issues, using a third party like cryptolend is very risky.

blitzy
May 16, 2019, 11:14:26 PM
 #5

It is a bit worrisome just how open some APIs are; on some services an API key is far superior to having the login/password credentials.
Baofeng
June 07, 2019, 08:46:52 AM
 #6

Here's another hack that looks like an API exploit again: https://www.chepicap.com/en/news/10325/gatehub-hacked-nearly-10-million-in-xrp-has-been-stolen.html

Quote
"API requests to the victim’s accounts were all authorized with a valid access token. There were no suspicious logins detected, nor there were any signs of brute forcing.

We have however detected an increased amount of API calls (with valid access tokens) coming from a small number of IP addresses which might be how the perpetrator gained access to encrypted secret keys.

That, however, still doesn’t explain how the perpetrator was able to gain other required information needed to decrypt the secret keys.

All access tokens were disabled on June 1st after which the suspicious API calls were stopped."

Very, very worrisome, and these hackers are going to exploit this if we're not going to do something about API calls.

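The pattern in the statement quoted in post #6 (valid access tokens, many API calls, few source addresses) can be searched for in API logs, and the per-key IP restriction from the thread title can be checked in the same pass. This is an added example, not part of any post and not GateHub's or Poloniex's code; the log format, account names, addresses and allowlist are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample log, assumed format: timestamp, source IP, account, token status.
SAMPLE_LOG = """\
2019-05-30T10:00:01Z 198.51.100.7 acct-01 valid
2019-05-30T10:00:02Z 198.51.100.7 acct-02 valid
2019-05-30T10:00:03Z 198.51.100.7 acct-03 valid
2019-05-30T10:00:04Z 198.51.100.7 acct-04 valid
2019-05-30T10:00:09Z 203.0.113.20 acct-05 valid
2019-05-30T10:00:15Z 192.0.2.44 acct-06 valid
2019-05-30T10:00:16Z 192.0.2.44 acct-07 invalid
2019-05-30T10:00:20Z 198.51.100.7 acct-05 valid
"""

# Hypothetical per-account allowlist, as a "restrict key to IP" setting would store it.
ALLOWLIST = {"acct-05": ["203.0.113.0/24"]}

def parse(log):
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4:  # skip malformed lines
            ts, ip, account, status = parts
            yield ts, ipaddress.ip_address(ip), account, status

def fan_in(log, min_accounts=3):
    """Source IPs whose valid-token calls span at least min_accounts accounts."""
    seen = defaultdict(set)
    for _, ip, account, status in parse(log):
        if status == "valid":
            seen[str(ip)].add(account)
    return {ip: sorted(a) for ip, a in seen.items() if len(a) >= min_accounts}

def outside_allowlist(log, allowlist):
    """Valid-token calls that arrived from outside the account's allowlist."""
    hits = []
    for ts, ip, account, status in parse(log):
        nets = allowlist.get(account)
        if status == "valid" and nets is not None:
            if not any(ip in ipaddress.ip_network(n) for n in nets):
                hits.append((ts, str(ip), account))
    return hits

if __name__ == "__main__":
    print(fan_in(SAMPLE_LOG))
    print(outside_allowlist(SAMPLE_LOG, ALLOWLIST))
```

Only an exchange that enforces the allowlist at request time would have rejected the last call; run over logs, the second function shows which accepted calls such a restriction would have blocked.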
Slow death
June 07, 2019, 10:43:10 AM
 #7

One day 1.5 bitcoin is gone from my account.

 Huh

If memory does not fail me, when I used Poloniex, whenever I made a withdrawal, Poloniex would send an email to my email, and that email had the link that allowed me to accept the withdrawal (it was a withdrawal confirmation link). Now they do not have this? And if they have, how could you be stolen from?

How do these guys get your IP in the first place??

I have the same question too.

jossiel
June 07, 2019, 11:53:34 AM
 #8

How do these guys get your IP in the first place??

I have the same question too.
Probably from a backdoor or an inside job? They are hackers and they've got many ways to know it, or they are intelligent enough to have their own tool / software to decrypt those secret keys and bypass the normal process of access.

I'm also worried with this type of news about 2FA: http://fortune.com/2019/06/04/phishing-scam-hack-two-factor-authentication-2fa/

SirLancelot
June 13, 2019, 10:16:02 AM
 #9

I have 2 API in my poloniex account. One is cryptolend and another is what I used.

Both can trade.

One day 1.5 bitcoin is gone from my account. Why? A hacker use one of the IP to make losing trades. Similar hacks in Poloniex are plenty.

Polonies does not want to tell me which API is used.

I do not think it's the API I set for cryptolend but can't rule them out.

What is cryptolend IP?

We need to restrict API only on cryptolend API
Hmph… Poloniex always has lots of issues here and there. That's why a lot of people have been running from them right from the beginning. I have always been avoiding them right from the start. I only made use of their exchange back when I was a newbie; apart from Coinbase Pro (GDAX then), Poloniex was another exchange I was using then, and when I started seeing lots of complaints about them I just quickly switched to another exchange (Binance). I don't waste time in distancing myself from any exchange I think is bad. But recently I've been seeing news that they are getting better, though I don't know if that is true. For me, I don't think I'm going back there.

squatter
June 14, 2019, 12:04:13 AM
 #10

if the memory does not fail me, when I used poloniex, whenever I made a withdrawal, poloniex would send an email to my email and in that email that poloniex sent me had the link that allowed me to accept the withdrawal (it was a link confirmation of withdrawal). now they do not have this? and if they have, how could you be stolen?

The money wasn't exactly "stolen." You can't use the withdrawal system through the API. Hackers probably used his account (and others) to pump altcoins they were already holding. The hackers could sell their altcoins at inflated prices, then withdraw bitcoins through their accounts.

There was a large scale attack of this kind on Binance last year. The hackers pumped the Viacoin market in an attempt to withdraw:

Quote
Yesterday, within the aforementioned 2 minute period, the hackers used the API keys, placed a large number of market buys on the VIA/BTC market, pushing the price high, while 31 pre-deposited accounts were there selling VIA at the top. The hackers managed to create a pump for Viacoin where the price increased from approximately 0.0002532 till 0.025 (10,000% increase). This was an attempt to move the BTC from the phished accounts to the 31 accounts. Withdrawal requests were then attempted from these accounts immediately afterwards.

Those who had their accounts phished experienced losses because their bitcoins were used to buy VIA at inflated prices. When the market returned to normal, that VIA was worth very little.
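The loss mechanism described in post #10 leaves a recognisable trace in trade history: API-placed buys filled far above the price the market was trading at just before. The following is an added example, not part of the post and not any exchange's code; the fills, account names, window and threshold are constructed assumptions, with prices loosely following the range in the quoted Binance statement.

```python
from statistics import median

# Constructed fills (not real exchange data):
# (seconds, account, side, price_btc, quantity, placed_via_api)
FILLS = [
    (0,  "mm-1",   "buy",  0.0002530, 100, False),
    (5,  "mm-2",   "sell", 0.0002532, 150, False),
    (9,  "mm-1",   "buy",  0.0002531, 120, False),
    (12, "mm-3",   "buy",  0.0002534,  80, False),
    (60, "vict-1", "buy",  0.0040000, 500, True),
    (61, "vict-2", "buy",  0.0120000, 300, True),
    (62, "vict-1", "buy",  0.0250000, 200, True),
    (90, "mm-2",   "buy",  0.0002600, 100, False),
]

def flag_inflated_api_buys(fills, window=4, multiple=5.0):
    """API-placed buys filled at >= multiple x the median of the last
    `window` unflagged prices. Returns (ts, account, price, btc_overpaid)."""
    baseline, flagged = [], []
    for ts, account, side, price, qty, via_api in fills:
        if len(baseline) >= window:
            ref = median(baseline[-window:])
            if via_api and side == "buy" and price >= multiple * ref:
                flagged.append((ts, account, price, (price - ref) * qty))
                continue  # keep pumped prints out of the reference price
        baseline.append(price)
    return flagged

def loss_by_account(flagged):
    """Sum the BTC paid above the reference price, per account."""
    totals = {}
    for _, account, _, overpaid in flagged:
        totals[account] = totals.get(account, 0.0) + overpaid
    return totals

if __name__ == "__main__":
    for account, btc in loss_by_account(flag_inflated_api_buys(FILLS)).items():
        print(f"{account}: ~{btc:.4f} BTC paid above reference")
```

Excluding flagged fills from the baseline matters: otherwise the first inflated print raises the reference price and hides the ones that follow.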
