Nov 20, 2023 Frank Stewskid
Has Poloniex Finally Unmasked the Hacker? A $10 Million Bounty Raises Questions
In a surprising turn of events, Poloniex, the cryptocurrency exchange victimized in a major digital heist just a couple of weeks back, claims to have identified the hacker responsible for the theft of over $120 million in digital assets from the platform. This revelation, made on X (Twitter) by security firm PeckShield, is accompanied by an offer of a $10 million white hat reward, conditional on the return of the stolen funds by November 25th.
It seems promising progress in tracking @poloniex stolen funds. @justinsuntron The whitehat reward of $10m is being offered. https://t.co/vWYgyYbEYs pic.twitter.com/6hZx72Buu2
— PeckShield Inc. (@peckshield) November 18, 2023
However, this announcement has sparked skepticism within the crypto community. The exchange's decision to broadcast an on-chain message in 15 different languages, despite claiming to know the hacker's identity, raises questions about the credibility of their claim. This skepticism is fueled by doubts over the necessity of such a broad communication strategy if the identity of the perpetrator was indeed established.
How Did the Poloniex Hack Happen?
In November 2023, the Poloniex cryptocurrency exchange suffered a significant hack, leading to a loss of around $126 million. The breach was due to compromised private keys of the exchange's hot wallets. The attackers, believed to be the Lazarus Group linked to North Korea, used sophisticated methods typical of their operations. They targeted wallets controlled by a single private key, which, once compromised (likely through social engineering or malware), gave them control over the funds.
The Lazarus Group's signature approach involved sending different types of tokens to distinct addresses that specialize in specific token types. They then used intermediate addresses to exchange ERC20/TRC20 tokens on decentralized exchanges before transferring them to new addresses. This pattern of moving assets is a distinct signature of the Lazarus Group and was a key factor in attributing this hack to them.
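The movement pattern described above can be expressed as a tracing heuristic over transfer records. This is an added example, not code from the article, Poloniex or PeckShield; the record layout, addresses, token names and the `min_tokens` threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample records in chain order, not real data: (kind, sender, receiver, token).
TRANSFERS = [
    ("transfer", "hot_wallet", "addr_A", "USDT"),
    ("transfer", "hot_wallet", "addr_B", "SHIB"),
    ("transfer", "hot_wallet", "addr_C", "LINK"),
    ("transfer", "addr_A", "mid_1", "USDT"),
    ("dex_swap", "mid_1", "mid_1", "USDT"),    # swap executed by the intermediate address
    ("transfer", "mid_1", "new_1", "ETH"),
    ("transfer", "addr_B", "mid_2", "SHIB"),
    ("dex_swap", "mid_2", "mid_2", "SHIB"),
    ("transfer", "mid_2", "new_2", "ETH"),
    ("transfer", "user_9", "user_7", "USDT"),  # unrelated activity
]

def token_collectors(transfers, source):
    """Map each address funded by `source` to the set of token types it received."""
    seen = defaultdict(set)
    for kind, sender, receiver, token in transfers:
        if kind == "transfer" and sender == source:
            seen[receiver].add(token)
    return dict(seen)

def is_specialised_fanout(collectors, min_tokens=3):
    """True when every collector holds exactly one token type and no type is shared."""
    tokens = [next(iter(t)) for t in collectors.values() if len(t) == 1]
    return (len(tokens) == len(collectors) >= min_tokens
            and len(set(tokens)) == len(tokens))

def swap_hops(transfers, collector):
    """Return (intermediate, final) pairs for collector -> intermediate -> swap -> new address."""
    mids, swapped, hops = set(), set(), []
    for kind, sender, receiver, _ in transfers:
        if kind == "transfer" and sender == collector:
            mids.add(receiver)
        elif kind == "dex_swap" and sender in mids:
            swapped.add(sender)
        elif kind == "transfer" and sender in swapped:
            hops.append((sender, receiver))
    return hops

def trace(transfers, source):
    """Return {collector: hops} if `source` shows the per-token fan-out, else {}."""
    collectors = token_collectors(transfers, source)
    if not is_specialised_fanout(collectors):
        return {}
    return {c: swap_hops(transfers, c) for c in collectors}
```

A match is a lead for analysts to follow up, not attribution on its own; exchanges and market makers can also route tokens to per-asset addresses.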