Cyber Incident Victim: Poloniex

Date: Dec 2019

Location: United States of America

Summary

A cryptocurrency exchange experienced a security breach involving the leakage of user email addresses and passwords, initially prompting customer concerns over phishing attempts due to vague email communications. The platform confirmed the legitimacy of the notification, enforced a mandatory password reset for all accounts, and advised users to enable two-factor authentication despite claiming most leaked credentials were unrelated to its user base. The incident's scope remained unclear as the company avoided issuing an official public statement, leading to speculation about transparency and potential severity while it emphasized operational milestones in subsequent communications.

Description

On December 30, 2019, the Poloniex cryptocurrency exchange notified customers via email about a security breach involving leaked email addresses and passwords. The email attributed the leak to "someone" who posted the data on Twitter but provided no details about the breach's origin, scope, or timeline. This vague communication triggered immediate suspicion among users, with one customer publicly tagging Poloniex on Twitter to warn others about a potential "scam" email in circulation. The exchange's failure to issue an accompanying official blog statement or clarify the incident's severity amplified user concerns about phishing attempts. Poloniex Customer Support confirmed the email's legitimacy through a Twitter reply, instructing users to reset their passwords for security. The forced password reset applied to all accounts despite Poloniex claiming "almost all" leaked emails didn't belong to active users.

Following the breach disclosure, Poloniex urged customers via Twitter to enable two-factor authentication (2FA), providing step-by-step setup instructions for authenticator applications. No additional technical details about the breach mechanism, affected systems, or forensic findings were disclosed publicly. The exchange avoided publishing an official incident report while simultaneously promoting its 2019 operational milestones, including new office openings and TRX staking features. This juxtaposition of breach notifications with celebratory corporate messaging suggested an effort to downplay the incident's significance. Customer reactions remained unquantified in available records, with no verifiable data regarding financial losses, account compromises, or subsequent phishing attacks linked to the leaked credentials. The absence of third-party audits or regulatory disclosures left the breach's full impact unverified in public reporting.
