Poloniex staf denies the company got hacked

Poloniex Staff Denies Hack Rumors, Points to Phished Credentials

At a time in which the cryptocurrency community focuses on regulatory developments and Binance’s unforeseen slowdown, rumors Poloniex got hacked started spreading on Twitter. According to these rumors, the exchange’s passwords weren’t properly secured, and were stored as plain text. A Poloniex staff member took to social media to set things straight.

The rumors included an image that showed various email addresses and their passwords right next to them. Various Twitter users claimed to have tried these out and gotten access to their accounts, or a two-factor authentication (2FA) prompt. At press time, most tweets about the leak have been deleted.

In light of these rumors a C-level executive at Poloniex, MickD, pointed out that the exchange wasn’t hacked. According to him, the leaked credentials were harvested from phishing websites.

One of the individuals who tweeted out the rumor was the technical director of Metrix Cloud and ethical hacker Jamie Woodruff. Although his tweet is no longer available, he has since revealed that a Poloniex staff member reached out to him to make things clear.

It’s entirely possible the database consisted of phished Poloniex users. As reported by Core Media, even fake Poloniex trading apps have in the past made their way to Google’s Play Store.

Poloniex staff on how phishing scams work

The exchange’s C-level staff member then decided to shed some light on how phishing scams work, so users can spot one when the time comes. As MickD explains, malicious actors first create a phishing app or website, similar to that of the cryptocurrency exchange.

Then they try to get users to enter their login credentials. Then, they take them to a page that asks them to wait a specific amount of time, while the malicious actors try their credentials to see if they work. If the credentials work on both the exchange and their email account, they’ll essentially steal everything they can.

This includes the victim’s identity if any personal documents are contained within the breached email account. To prevent this, users need to never reuse login credentials, use 2FA to protect their accounts, and avoid leaving identifiable information on their emails.

Although cryptocurrency exchanges often get hacked, a lot of users lose money on them because they fail to adopt these security measures.