Poloniex Security Alert (Updated)
-
@bandarfjb It was very tough to find and you wouldn't find it unless you looked really deep into the source code. This is why websites should hire Penetration Testers.
-
@AngryChicken said in Poloniex Security Alert:
@bandarfjb It was very tough to find and you wouldn't find it unless you looked really deep into the source code. This is why websites should hire Penetration Testers.
Penetration... hmmm. That's not a very friendly word. xD Just kidding. Thanks for the heads up bud. :)
-
Or you could have "borrowed" some coins and pretended nothing happened.
-
@rapidfireman Haha, yeah, I could, but in the Information Security World that comes to us as something called "Bug Bounties"; by offering hackers this they can encourage them to come forward to get a legit reward instead of risking privacy infringements.
-
@AngryChicken Just think about those hundreds of bitcoins...
-
@rapidfireman More like thousands of bitcoins LOL
@AngryChicken thanks for the heads up?!
-
@AngryChicken I want to take the time to thank you for alerting the community of this. Randomly coming across a post like this gives me a whole new respect for the community. There was nothing obligating you to post this to warn the rest of us but you did. I applaud you for that. I honestly believe if everyone realizes the power we have as individuals, we can make a collaborative effort to make BURST as prolific in use as Bitcoin.
-
@AngryChicken Thanks for the heads-up ..
A good action would be activating the 2FA authentication along with a strong password.
-
@AngryChicken Hope they send you some coin for reporting this
-
After 3 days I finally received a response.
I am sorry for the delay, thank you very much for your report, I will escalate this ticket to the development team and they will investigate and contact you shortly.
Best regards,
Johnny Garcia
Poloniex Support
-
@AngryChicken LOL, a lot of time to reply to such a security issue... They should really review their protocols ASAP because this is not something that affects just one currency but the whole crypto community?! Just another reason for not liking exchanges!!!
Thanks again for your effort @AngryChicken !
-
Just updating this issue.
I have finally received a response from the devs at Poloniex responding to my comments about many factors in the login system.
They have put extra security measures in place and corrected the issues with Cloudflare and the authentication system.
They also will be taking my advice in the future by adding an email response when people try to access your account with 3 or more failed logins.


