CertiK’s Poloniex Hack Analysis: Second-Largest Hot Wallets Private Key Compromise Detected in 2023, $173M Lost in Security Incidents

Earlier this month, crypto exchange Poloniex was hacked. At the time of the hack, there was not enough information available to determine the real extent of the damage caused by the security breach. However, the team at CertiK has now provided a detailed analysis of what happened during this major hack.

CertiK has shared that on 10th November, Poloniex wallets “on Ethereum, Tron and BTC were compromised leading to an overall loss of approximately $132 million.”

In total, the stolen funds have “passed through at least 681 wallets as assets are being laundered.” This is the second largest private key compromise that CertiK has “detected in 2023. Just 40 incidents involving private key compromises have accounted for 57% of the overall losses in 2023, demonstrating how devastating private key compromises can be.”

CertiK has shared the following Event Summary:

On 10th November, suspicious movements of funds “were detected originating from Poloniex hot wallets on Ethereum, Tron and BTC.”

The total lost in this incident “is approximately $132 million worth of assets, with the majority lost on the Ethereum Network.”

At the time of writing, the funds have “passed through over 600 wallets on Ethereum and 70 wallets on Tron.”

The funds have “not moved from the hacker’s Bitcoin wallet.”

The first suspicious movement of funds “occurred when approximately $18 million was transferred to the hacker’s BTC wallet at 10:34 AM UTC. Shortly after, the first movement of ERC-20 tokens were moved starting with 11 million USDT followed by approximately 642.9 ETHO on Tron.”

To swap the vast amount of ERC-20 tokens stolen, the hacker “transferred 0.5 ETH to a wallet operated by the hacker followed by a particular token which were then swapped for ETH and transferred to a new wallet.”

A Mistake By The Hacker

The malicious actor stole 317 ERC-20 tokens “from the Poloniex hot wallet with the majority swapped for ETH. However, the hacker made a mistake with the GLM tokens that they stole. In total, over 10.5 million GLM tokens were stolen worth $2.6 million at the time of transfer. However, instead of swapping the GLM tokens for ETH, the hacker transferred the tokens to the Golem Network Token contract.”

At the time of writing, the funds are still “within the token’s contract.” It is likely that human error led “to the attacker copying the contract address as the recipient following importing the token contract into their wallet.”

Private Key Compromises

In CertiK’s $1 billion briefing report, the firm predicted “that although we would be unlikely to see an uptrend in the amount lost to hacks and scams before the end of the year,” the exception would “highly likely come in the form of additional private key compromises on crypto companies that hold a large amount of assets.”

Since that prediction at the start of September, they have “recorded, approximately, an additional $450 million in losses to private key compromises which have now reached $725.4m in 2023. This figure accounts for 57% of the overall losses in 2023 so far. The table below shows a month by month breakdown of the amount of funds lost to private key compromises for the year.”

This trend of private key compromises accounting “for the large losses will likely continue until a bull market returns and investors lock more value into smart contracts.”

Asset Tracing

So far there have been at least 681 wallets used to move the assets stolen from Poloniex.

Of these wallets:

  • 371 hold a balance greater than $100
  • 342 hold more than $1,000
  • 199 hold more than $10,000
  • 74 hold more than $100,000

There are 16 wallets that currently “hold more than $1 million of assets.”

The largest wallet has “a current balance of $21.17m.”

The exploiter has so far “not laundered any of the funds through privacy protocols or exchanges at the time of writing.”

CertiK concluded:

“The hack on Poloniex hot wallets is the second largest private key compromise that CertiK have detected in 2023 which has resulted in November seeing $173 million lost in security incidents so far. This means that November already ranks 4th highest in the amount of funds lost.”


