1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Somebody just hacked my Poloniex account.

Discussion in 'BlackHat Lounge' started by 55trillion, Jul 2, 2017.

  1. 55trillion

    55trillion Power Member

    Joined:
    Sep 27, 2015
    Messages:
    512
    Likes Received:
    130
    Occupation:
    Financial Trader
    Location:
    India
    Hi all,

    Few minutes ago i received a email from poloniex stating to change my password follow the link, i didn't clicked the link next minute next email password changed successfully arrived.

    I immediately logged into poloniex and my password was already changed then i tried to reset password again it said "wait minimum 10 minutes to reset the password" after 10 minutes i changed my password.

    By that time i received the email for fund withdrawal request confirmation again i didn't clicked and the next minute Funds withdraw successfully completed.

    I have a strong feeling that its POLONIEX who is stealing.

    withd.png
     
  2. laur.laurix

    laur.laurix Power Member

    Joined:
    May 8, 2013
    Messages:
    743
    Likes Received:
    281
    Occupation:
    Reverse Engineering Maniac
    Location:
    Mars
    Stop inserting ur data in those free bitcoin generators and activate 2 step verification.
     
    • Thanks Thanks x 1
  3. opiosko

    opiosko Junior Member

    Joined:
    Aug 11, 2013
    Messages:
    117
    Likes Received:
    34
    Location:
    Every where
    Strong feeling ain't facts, buddy.
    Sorry for your loss, I hope you can recover it somehow.
     
    • Thanks Thanks x 2
  4. Telenor

    Telenor Junior Member

    Joined:
    Aug 31, 2016
    Messages:
    148
    Likes Received:
    9
    Gender:
    Male
    after reading your story looks like you need to change your email password also . active 2 step verification and hope you will recover your loss somehow .
     
    • Thanks Thanks x 1
  5. 55trillion

    55trillion Power Member

    Joined:
    Sep 27, 2015
    Messages:
    512
    Likes Received:
    130
    Occupation:
    Financial Trader
    Location:
    India
  6. Swarrior007

    Swarrior007 Junior Member

    Joined:
    Jul 23, 2014
    Messages:
    192
    Likes Received:
    18
    Location:
    BHW
    Home Page:
    I think somebody hacked your email try change your email pass and add more security.
     
  7. ZlatanTheGod

    ZlatanTheGod Jr. VIP Jr. VIP

    Joined:
    Jun 27, 2016
    Messages:
    1,115
    Likes Received:
    1,717
    Gender:
    Male
    Occupation:
    The God
    Home Page:
  8. davids355

    davids355 Jr. VIP Jr. VIP

    Joined:
    Apr 25, 2011
    Messages:
    10,401
    Likes Received:
    8,106
    Get dancing: two step.
     
  9. Drowen9

    Drowen9 Junior Member

    Joined:
    Mar 11, 2015
    Messages:
    104
    Likes Received:
    33
    That's the reason why you should never keep your BTC online. Cold storage or at least HW wallets are good ways to go.
     
  10. tman73

    tman73 Registered Member

    Joined:
    Apr 20, 2011
    Messages:
    56
    Likes Received:
    22
    Cold Storage, 2FA, and picking up the slack in security with exchange accounts. That was a $1000 lesson for me recently.
    I had a similar surreal hack occur except mine was Eobot. (definitely not a referral, stay away) Received an email about a successful log on from a Denmark ip address (Im in US). I immediately got in touch with Eobot chat, email, and attempted phone. I sat there asking the Eobot rep if they were just going to sit by watching as my ME get robbed on thier platform! " We assume no liability, you hold all risk" nothing was even attempted in the short 5-7 minutes it took to load BTC/ETH/etc on the Eobot manual withdrawal platform and watch as it accumulated with other poor bastards coin into a healthy wallet none of us have access to... (This Eobot had minimal coin, this happened on Skriller and Paxful too)

    Im betting this is a semi coordinated effort by people that have access to secure account info at some wallet/exchange/hyip entity.

    I would love to develope a way to trace this type of theft (including chargebacks) and produce something actionable to recover and convict
    this criminal activity. These exchanges couldnt care less and seem to facilitate this activity although they are simply impudent.

    Well 55trillion... I actually posted to ask if you used candlesticks / charts to target your entry and exit points and at what time intervals?

    All my Best.
     
    • Thanks Thanks x 1
  11. tman73

    tman73 Registered Member

    Joined:
    Apr 20, 2011
    Messages:
    56
    Likes Received:
    22
    Here is a possible source of the breach. Check this site out to see if you got PWNED,
    (my BHW credentials sure did) Suggest everyone check on breaches:

    https://haveibeenpwned.com/
     
    • Thanks Thanks x 1
  12. 55trillion

    55trillion Power Member

    Joined:
    Sep 27, 2015
    Messages:
    512
    Likes Received:
    130
    Occupation:
    Financial Trader
    Location:
    India
    This is the account to which my BTC were transferred . Looks like professional hacker.

    fir.png
    sec.png
     
  13. tman73

    tman73 Registered Member

    Joined:
    Apr 20, 2011
    Messages:
    56
    Likes Received:
    22
    Its not going to end well for the hack thieves, live by the Hack, die by the Hack.

    Just because one has the ability and opportunity to do something does in itself justify any given act.
     
    • Thanks Thanks x 1
  14. 55trillion

    55trillion Power Member

    Joined:
    Sep 27, 2015
    Messages:
    512
    Likes Received:
    130
    Occupation:
    Financial Trader
    Location:
    India
    I just found that this BTC wallet belongs to POLONIEX , its their cold wallet. So little hope to recover the funds.
     
  15. tman73

    tman73 Registered Member

    Joined:
    Apr 20, 2011
    Messages:
    56
    Likes Received:
    22
    Little sliver of hope. Wonder how your coins made it to a Poloneix address unless They quickly performed a double spend to have the initial hacker transaction rejected. Strange....but hope you recover.
     
  16. 55trillion

    55trillion Power Member

    Joined:
    Sep 27, 2015
    Messages:
    512
    Likes Received:
    130
    Occupation:
    Financial Trader
    Location:
    India
    Even i am little confused, may be their system has been hacked and many accounts were compromised so their security system frozen the account.
     
  17. IAmNotLegend

    IAmNotLegend Jr. VIP Jr. VIP

    Joined:
    Mar 13, 2014
    Messages:
    445
    Likes Received:
    359
    Activate 2-factor authentication. I created account just to check how the website works. Next day I recieved an email of successful login from an IP not belonging to me. And then every hour there was a login from a new IP.
     
    • Thanks Thanks x 2
  18. kittykut

    kittykut Jr. VIP Jr. VIP

    Joined:
    Feb 9, 2016
    Messages:
    648
    Likes Received:
    372
    Gender:
    Male
    Location:
    localhost
    they could of hacked your email too, change that password
     
    • Thanks Thanks x 2
  19. uncutu

    uncutu Elite Member

    Joined:
    Aug 6, 2010
    Messages:
    1,638
    Likes Received:
    845
    Polo didn't hack you to steal $73 worth of btc. Likely your browsing habits revealed your personal info to a hacker.
    Use 2FA or an app like Google Authenticator.
    Change your email if you can..your pw to something very complex...reformat your pc (maybe you have a keylogger), stop doing any shady things like downloading hacked/cracked tools or signing up for free bitcoin generators. If you have to, you must do it on a different computer. Some people get dedicated laptop just for managing their portfolio to keep it extra safe.
    If the funds were sent to another poloniex wallet, talk to support maybe they can help.
     
    • Thanks Thanks x 1
  20. Nargil

    Nargil Jr. VIP Jr. VIP

    Joined:
    May 10, 2012
    Messages:
    5,021
    Likes Received:
    3,194
    Location:
    Europe
    Home Page:
    ^^ This.

    Polo couldn't give more fucks about your 70 bucks when they pull off 6 figures a day from fees. If you can't secure your account properly, then you deserve to get hacked.

    Also, opening support ticket with Poloniex lololol. I waited 22 days for a reply to my ticket and I had to spam half the Twitter for it. Some people have been waiting for 40+ days already, so don't bother. Secure your account next time.

    I am using Yubikey for Gmail and Kraken. 2FA for Poloniex (They don't support Yubikeys as of now) and Ledger S as my cold wallet. This is the very least that you can do.
     
    • Thanks Thanks x 1