Lazarus Group Suspected of $117 Million Poloniex Hack

Crypto exchange Poloniex has been hacked for around $117 million. The blockchain analysis platform PeckShield pointed towards the suspicious transactions.

Poloniex is a centralized crypto exchange and was established in 2014. During the same year, the exchange lost 12.3% of its Bitcoin funds in a hack. TRON founder Justin Sun acquired the exchange in 2019. 

Justin Sun Warned of Poloniex Hack

PeckShield alert informed crypto exchange Poloniex and Justin Sun about the suspicious transactions. BeInCrypto discovered through the on-chain data that the following tokens were transferred to a new wallet:

• 4900 Ethereum
• 726,859.21 Sandbox
• 397,778.61 Polygon
• 102,084.79 Lido DAO
• 188,797 DAI
• 168,476.02 FRAX
• 1,158,260 CRO
• 10,027,719.43 HEX
• 1,058,674.96 CHZ
• 28,491.81 APE

Read more: Crypto Social Media Scams: How to Stay Safe

Cyvers Alerts, the security alert platform, estimates that someone has moved approximately $117 million from Poloniex’s hot wallets. Justin Sun, one of the primary stakeholders of the Poloniex crypto exchange, wrote on X (Twitter):

“We are currently investigating the Poloniex hack incident. Poloniex maintains a healthy financial position and will fully reimburse the affected funds. Additionally, we are exploring opportunities for collaboration with other exchanges to facilitate the recovery of these funds.”

Following Sun’s post, Poloniex confirmed the white hat bounty and said it is giving the hacker seven days to cooperate with the exchange or risk involving law enforcement.

Ziv Oz, of Cyvers, said what was remarkable about the hack was the level of preparedness:

“Cyvers’s research team documented hundreds of illegal transactions across numerous blockchain networks and dozens of different tokens in just 69 minutes. For instance, in Ethereum alone, there were around 320 unauthorized transactions, and additional blockchain networks were also implicated.”

Is Lazarus Group Behind Attack?

The platform’s co-founder, Deddy Lavid, added:

“It’s reasonable to assume that this is a pre-planned bot operating automatically. In our estimation, this is a highly sophisticated and serious cyberattack.

“Considering the nature of the attack, likely a private key breach, suspicion falls on the Lazarus group, known for their involvement in similar advanced access control attacks and substantial amounts of stolen funds in recent months.

“Analysis of Lazarus attacks since September revealed that the attackers infiltrated the system months before the actual breach was executed.”

Unexpectedly, the native token of the TRON blockchain, TRX, pumped by 14% after the hack. This sudden change caught the community off guard. Justin Sun, a well-known figure in the crypto world, is the founder of the TRON blockchain. However, in the wake of these events, some individuals are harboring suspicions about the incident. One wrote:

“Why did the hacker use those funds to pump TRX 🤔”

Read more: What Is TRON (TRX) and How Does It Work?

In a statement, Poloniex part-owner Justin Sun vowed that the exchange would fully reimburse the funds affected by the hack. He later offered a 5% white hat bounty to the Poloniex hacker, the same tactic he made for the HTX hack last month.

Do you have anything to say about the Poloniex hack or anything else? Write to us or join the discussion on our Telegram channel. In addition, you can also catch us on TikTok. Furthermore, we are on Facebook, or alternatively, on X (Twitter).

For BeInCrypto’s latest Bitcoin (BTC) analysis, click here.