Poloniex Exchange Suffers BitMEX-Style Security Breach

As this decade inches to a close, Poloniex becomes the next cryptocurrency exchange to mismanage user data after “someone leaked” email addresses and passwords. Poloniex Forces Users to Reset Passwords After rampant scams and phishing attempts, Poloniex customers were rightly cautious over the email they received from the cryptocurrency exchange on Dec 30. One customer […]
As this decade inches to a close, Poloniex becomes the next cryptocurrency exchange to mismanage user data after “someone leaked” email addresses and passwords. Poloniex Forces Users to Reset Passwords After rampant scams and phishing attempts, Poloniex customers were rightly cautious over the email they received from the cryptocurrency exchange on Dec 30. One customer […]

As this decade inches to a close, Poloniex becomes the next cryptocurrency exchange to mismanage user data after “someone leaked” email addresses and passwords.


Poloniex Forces Users to Reset Passwords

After rampant scams and phishing attempts, Poloniex customers were rightly cautious over the email they received from the cryptocurrency exchange on Dec 30.

One customer tagged Poloniex on Twitter telling the company to “be careful” with the “scam” email doing the rounds.

To be fair, with so many phish in the sea, Poloniex’s email was certainly vague. There were no details or facts about the cause or consequence–or size–of the breach.

It merely said that “someone leaked a list of email addresses and passwords on Twitter”. The communication could well have been an outright attempt from hackers to siphon off users’ funds.

Moreover, the email was not accompanied by any official statement on the company’s blog–raising further suspicion.

It seems fairly obvious that the struggling cryptocurrency exchange in the midst of a last-ditch facelift wanted to keep news of the breach under wraps.

However, the customer’s tweet about the “scam” mail forced Poloniex customer support to acknowledge that it was real. They replied:

This is a real email! Please reset your password for account security.

In the email, Poloniex stated that “almost all of the leaked emails do not belong to Poloniex accounts.” However, they were doing a force reset on all passwords just in case.

They then urged all customers to set up 2FA in a follow-up tweet:

Keeping the Security Breach Quiet

With no official statement, it’s impossible to ascertain the size of the breach. However, it’s clear that Poloniex wants to keep it as quiet as possible.

In a congratulatory tweet a few moments ago, the company reminded its customers of all the successes over the year that “benefitted” its users.

These included setting up a new office in Hong Kong and adding the ability to stake TRX.

Poloniex seems to be pinning its hopes of luring more customers on its partnership with TRON after closing its doors to US citizens.

Whether that was a wise decision or not remains to be seen–as does the severity of the data leak.

What do you make of this Poloniex breach? Add your thoughts in the comment section below


Images via Shutterstock, Twitter @PoloSupport