Poloniex Loses 12.3% of its Bitcoins in Latest Bitcoin Exchange Hack

Withdrawals are once again live on Poloniex after it lost 12.3% of its bitcoins to hackers.

Mar 5, 2014 at 8:11 p.m. UTC
Updated Sep 3, 2021 at 10:31 a.m. UTC


Digital currency exchange Poloniex, which trades bitcoin and other popular digital currencies such as litecoin, namecoin and dogecoin, has lost 12.3% of its total bitcoin supply in an attack.

The exchange took to Bitcoin Forum on 4th March to report it had been compromised by a previously unknown vulnerability in its coding.

    Writing under the username Busoni, Poloniex owner Tristan D'Agosta moved to calm concerned users by explaining what led to the hack, as well as what the next steps from the company would be.

    D'Agosta explained:

    "The hacker discovered that if you place several withdrawals all in practically the same instant, they will get processed at more or less the same time. This will result in a negative balance, but valid insertions into the database, which then get picked up by the withdrawal daemon."

    D'Agosta also detailed the exact process by which transactions on the exchange were confirmed to highlight the error, and further, took full responsibility for the loss, stating that he plans to repay the company's customers.

    According to a Twitter post from the company, the original attack occurred during the early morning hours of 4th March.

    — Poloniex Exchange (@Poloniex) March 4, 2014

    Behind the hack

    Due to its current bitcoin shortage, Poloniex indicated that all customer balances would temporarily be reduced by 12.3% "out of absolute necessity". D'Agosta suggested that this was the only way that bitcoins could be distributed fairly among affected users.

    "If I did not make this adjustment, people would most likely withdraw all their BTC as soon as possible in order to make sure they weren't left in that remaining 12.3%."

    Poloniex plans to record the balances and to pay back customers using exchange fees as well as personal contributions. As a result, D'Agosta indicated that all exchange fees would be temporarily raised to 1.5%, up from 0.2%. Altcoin and bitcoin withdrawals have since been reinstated, going back online on 4th March after less than a day's delay.

    — Poloniex Exchange (@Poloniex) March 4, 2014

    System changes

    D'Agosta also credited his design with preventing a more massive bitcoin loss. For example, he noted that the company's existing security features noticed the unusual withdrawal activity and froze affected accounts.

    In the attack announcement, D'Agosta listed a number of next steps his company would follow, including updating the withdrawal daemon to check for negative balances before processing withdrawals and freezing any account with a negative balance.

    According to its Twitter feed, updates have already been made.

    — Poloniex Exchange (@Poloniex) March 5, 2014
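As an added illustration (not Poloniex's code and not part of the original article), the sketch below reproduces the check-then-act flaw D'Agosta describes and the daemon-side negative-balance check and account freeze listed among the next steps. The SQLite schema, function names and integer amounts are assumptions; the atomic conditional debit in `atomic_request` goes beyond the fix the article lists and is a standard remedy for this class of race.

```python
import sqlite3

def new_db(start):
    # Assumed schema for illustration only; amounts are integer units.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE accounts(id INTEGER PRIMARY KEY, balance INTEGER,
                              frozen INTEGER DEFAULT 0);
        CREATE TABLE withdrawals(id INTEGER PRIMARY KEY, account INTEGER,
                                 amount INTEGER, sent INTEGER DEFAULT 0);
    """)
    db.execute("INSERT INTO accounts(id, balance) VALUES (1, ?)", (start,))
    return db

def balance(db, acct=1):
    return db.execute("SELECT balance FROM accounts WHERE id=?",
                      (acct,)).fetchone()[0]

def racy_requests(db, acct, amounts):
    """Flawed pattern: requests arriving together all read the balance
    before any of them writes, so every check passes on a stale value."""
    approved = [a for a in amounts if balance(db, acct) >= a]
    for a in approved:
        db.execute("UPDATE accounts SET balance = balance - ? WHERE id=?",
                   (a, acct))
        db.execute("INSERT INTO withdrawals(account, amount) VALUES (?, ?)",
                   (acct, a))
    return len(approved)

def atomic_request(db, acct, amount):
    """Hardened request path: the check and the debit are one statement,
    so a second request cannot act on a balance that is already spent."""
    cur = db.execute(
        "UPDATE accounts SET balance = balance - ? "
        "WHERE id=? AND frozen=0 AND balance >= ?", (amount, acct, amount))
    if cur.rowcount == 1:
        db.execute("INSERT INTO withdrawals(account, amount) VALUES (?, ?)",
                   (acct, amount))
    return cur.rowcount == 1

def daemon_pass(db):
    """Daemon-side check: freeze accounts with a negative balance and send
    only withdrawals whose account is unfrozen and non-negative."""
    db.execute("UPDATE accounts SET frozen=1 WHERE balance < 0")
    rows = db.execute(
        "SELECT w.id FROM withdrawals w JOIN accounts a ON a.id = w.account "
        "WHERE w.sent=0 AND a.frozen=0 AND a.balance >= 0").fetchall()
    db.executemany("UPDATE withdrawals SET sent=1 WHERE id=?", rows)
    return len(rows)
```

With a starting balance of 100, three simultaneous requests for 80 all pass the racy check and leave the account at -140, but the daemon pass freezes the account and sends nothing; on the atomic path only the first request is accepted.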

    Moving forward

    D'Agosta expressed his apologies for the attack and appealed to the community for continued feedback on how he could improve the service. Said D'Agosta:

    "I do not have the money to wave away the debt, so we'll need to work together."

    Response from the Bitcoin Talk community was largely positive, with many commenters posting messages of support for D'Agosta and his exchange.

    Notably, the announcement follows a recent rush of attacks against bitcoin services, including Mt. Gox, Silk Road 2.0 – which has also embarked on a repayment plan – and Alberta-based "bitcoin bank" Flexcoin, which shut down its services on 4th March after losing $600,000 in bitcoins.
