Popular cryptocurrency exchange Poloniex has denied any security breach to its servers following a list of login credentials being leaked on social media and associated with Poloniex accounts.
On Thursday, following days of speculation on the issue, Poloniex released a statement, a first official account of their investigation into the matter, which claimed that the leaked account information did not originate from it. According to the exchange, it seems that the emails and their corresponding passwords had already been compromised and listed on the popular security info website haveibeenpwned.com.
On Monday, a few users went on Twitter to seek additional information on an email that was sent by Poloniex support instructing them to change their passwords. Poloniex confirmed at the time that the email was legitimate despite the lack of official communication about any security incident. The situation left several Poloniex users distraught and confused over the source of the information that was being shared on Twitter.
At the time, the exchange support told the users that they should not worry about anything and that they are required to only change their passwords. The exchange also confirmed that a majority of the leaked emails were not associated with any Poloniex account. The few that were associated and listed in the leak were forced to update their security features.
It has now taken a further two days to release an official account on what happened. Here’s Poloniex’s statement on the matter:
“To confirm, there was no information or data leak originating from Poloniex and our actions represented a swift response to an external threat […] our immediate priority was to ensure that our customers’ accounts were safe. As a result, we reset the passwords of potentially impacted customers, as users often reuse passwords or minor variants of the same password. Our second priority was to determine the source of the leak and we can now confirm that neither this list nor the information contained, originated from Poloniex. For those interested in our security protocols, we do not store passwords in plain text or a recoverable form, but rather we store them as salted bcrypt hashes.”
The exchange Poloniex was recently sold off by Circle to a group of Asian investors led by Tron founder and CEO of BitTorrent Justin Sun. the exchange, which was previously headquartered in the United States has since exited the country and relocated offices. Users of the exchange residing in the US have been barred from accessing the website as it focuses on world domination. The exchange exited the US mainly due to regulatory limitations.