Stolen Poloniex Ether worth $53M never made it back to the exchange

Avatar

Over half of the $100 million worth of Ether (ETH) linked to the infamous Poloniex hack from November 2023 has been siphoned via the privacy protocol Tornado Cash.

On Nov. 10, 2023, wallets belonging to crypto exchange Poloniex recorded massive unauthorized outflows. Investigations later confirmed that over $100 million worth of ETH was lost to a hack.

Despite Poloniex claiming to have identified the hacker weeks later and offering a $10 million bounty, the stolen funds never made it back to the exchange. According to the blockchain security firm CertiK, the incident was likely a “private key compromise.”

In response to the suspicious outflows, the exchange had temporarily disabled the compromised wallet.

On-chain message from Poloniex to the hacker. Source: PeckShield

Six months later, it became evident that the Poloniex hacker had no intention of returning the stolen funds. Blockchain investigation firm PeckShield found that more than half of the loot was siphoned across Tornado Cash, a protocol used to anonymize assets.

Poloniex hacker transferring stolen funds to Tornado Cash wallet. Source: PeckShield

The hacker moved over 17,800 ETH from six different wallets into a single Tornado Cash address, as shown in the flowchart above. At the time of transfer, the tokens were worth approximately $53.3 million.

Related: Pike Finance exploited for $1.6M in second incident in 3 days

Poloniex resumed operations shortly despite the $100 million setback, enabling investors to deposit and withdraw crypto at will.

The exchange appointed a “top-tier security auditing firm” to enhance the security of funds on Poloniex and avoid such hacks in the future. At the time. The company had said:

“Currently, they are in the final stages of the security audit and verification processes for Poloniex. Upon completion of the audit, we will promptly resume deposit and withdrawal services on our platform.”

Poloniex owner Justin Sun — who acquired the exchange in 2019 — had promised to fully reimburse the users affected by the breach, claiming that Poloniex “maintains a healthy financial position” and is looking for collaborations with other exchanges to recover the lost funds.

Magazine: What do crypto market makers actually do? Liquidity, or manipulation