
Poloniex crypto-exchange offers 5% cut to thieves if they return that $120M they nicked

White hat bounty looks more like a beg bounty


The founder of Poloniex has offered to pay off the thieves who drained an estimated $120 million of user funds from the cryptocurrency exchange in a raid on Friday.

Justin Sun, who also founded the Tron Foundation currency system, offered a so-called "white hat bounty" to those who siphoned the exchange's wallet dry, in return for the rest of the stolen funds being repaid. Otherwise the kid gloves come off.

"We are offering a five percent white hat bounty to the Poloniex hacker," Sun wrote. "Please return the funds to the following ETH/TRX/BTC wallets. We will give you 7 days to consider this offer before we engage law enforcement."

That five percent bounty would be worth up to $6.5 million, we reckon.

The founder made the announcement shortly after the exchange said it had disabled its wallet, citing "maintenance" as the reason. The outfit may have been able to stop some of the digital money, or more of it, from being stolen; it's not entirely clear.

"The Poloniex team has successfully identified and frozen a portion of the assets associated with the hacker's addresses," Sun alleged. "At present, the losses are within manageable limits, and Poloniex's operating revenue can cover these losses.

"Additionally, the team have restored Poloniex's systems, preserved relevant evidence, and in the coming days, we will work diligently to gradually resume deposits and withdrawals on Poloniex, ensuring 100 percent security. Apologize for any inconvenience this may have caused."

Blockchain security company SlowMist has compiled all of the data related to the attack on Poloniex into a publicly accessible spreadsheet. At the time of writing, the attack had led to the theft of $130 million worth of cryptocurrency assets across hundreds of transactions. 

Cyvers, another blockchain security company, was among the first to alert the public to the woe at Poloniex at 1055 UTC on November 10, saying multiple suspicious withdrawals were made from the exchange's hot wallet. About an hour later, Sun confirmed the exchange was aware of the issues and was investigating.

According to SlowMist's data, the attacker drained myriad types of tokens. Scans of the Ethereum and Sun-owned Tron blockchains revealed a wallet titled "Poloniex hacker" is offloading the assets en masse in exchange for Ethereum and Tron tokens.

PeckShield broke down the losses by individual blockchains:

Poloniex's incident is the latest in a long line of high-profile wallet-draining attacks in the blockchain community. 

The Monero Project announced last week that one of its wallets reserved for community crowdfunding initiatives was drained of XMR worth more than $400,000.

A sub-group of North Korea's state-sponsored Lazarus offensive cyber operation, tracked as "BlueNoroff," is believed to be behind at least some of the attacks that have been ongoing since April.

Speaking to The Register, cybersecurity expert Dominic Alvieri said that although key facts are yet to be established, the attack on Poloniex appears to share the same MO as Lazarus' previous work.

As for how the Monero Project was drained, the lead maintainers are still without answers. Industry experts pointed to LastPass's 2022 breach as a possible method of stealing wallet seeds, an idea that LastPass has refuted. ®
