Est. MMXXVI · Vol. VI · № 273
Blockchain Breaches

An archive of cryptocurrency security incidents — hacks, exploits, bridge failures and rug pulls, documented with on-chain evidence.

Dossier № 166 · Private Key Compromise

Poloniex Hot Wallet Drain

$114M+ swept from Poloniex's Ethereum and Tron hot wallets after private keys were extracted from internal systems; Justin Sun pledged full reimbursement.

Date
Victim: Poloniex
Status: Funds Stolen

On November 10, 2023, blockchain security firms PeckShield and Cyvers raised the alarm on a coordinated drain of Poloniex's hot wallets. Total losses settled at $114 million on Ethereum plus approximately $42 million on Tron — bringing the cumulative loss to roughly $156 million across two chains affiliated with Justin Sun's operation.

What happened

The Ethereum-side "Poloniex hacker" address executed 357 transactions in rapid succession, sweeping over $100M from hot wallets controlled by the exchange. In parallel, a Tron-side address moved roughly $42M to a separate set of destinations.

Justin Sun and Poloniex publicly characterised the breach as a private-key compromise — the keys controlling the hot wallets had been stored within Poloniex's internal systems and were extracted by the attacker, who then escalated privileges and moved funds in a single coordinated window.

Aftermath

  • Poloniex paused withdrawals within hours; deposits resumed days later, withdrawals weeks later, after key rotation and audit.
  • Justin Sun publicly committed to 100% user reimbursement from corporate reserves and offered a 5% white-hat bounty to the attacker for return of funds, with a 7-day deadline before engaging law enforcement. The deadline passed.
  • The same operator infrastructure was implicated two weeks later in the HECO Bridge / HTX drain on November 22 — a related compromise affecting other Justin Sun-affiliated platforms.

Why it matters

Poloniex is one half of a closely linked pair of incidents (the other being HECO/HTX two weeks later) that revealed the shared key-management exposure across Justin Sun's affiliated infrastructure. When one operator runs an exchange, a bridge, and an L1, the security boundary of the whole portfolio collapses to the operational security of the central key-management system.

The lesson — strict per-business HSM isolation, no shared signing authority — has driven the modern push toward enclave-based per-service key managers in the operator playbook.

Sources & on-chain evidence

  1. coindesk.com: https://www.coindesk.com/business/2023/11/10/poloniex-hot-wallets-hacked-65m-seemingly-stolen-on-chain-data
  2. decrypt.co: https://decrypt.co/205465/justin-sun-owned-crypto-exchange-poloniex-hacked-60m
  3. financemagnates.com: https://www.financemagnates.com/cryptocurrency/justin-suns-poloniex-loses-over-100m-in-hot-wallet-hack/
