Poloniex endangers users’ privacy after partial revelation of email IDs
Poloniex, a noted crypto-exchange, has been at the receiving end of a lot of flak ever since it split from Circle, its parent company, in an attempt to rebrand itself as Polo Digital Assets. Additionally, Justin Sun – Founder and CEO of the Tron Foundation – admitted that Tron had invested in the exchange, along with other parties, after initially denying any involvement. Post the split, the exchange also announced that it would stop providing services to U.S-based customers, while temporarily restricting users from withdrawing any assets.
Poloniex has been at the center of criticism since, and the latest in the series is a Twitter announcement the exchange soon deleted. Notably, the exchange platform walked a path similar to the one BitMEX took in November 2019. While announcing the first batch of ‘lucky winners,’ the exchange partially revealed the email ID of ten winners, potentially putting the users’ accounts at risk.
Poloniex deleted after 1 hour ID: 1218745857417236482links in original tweet: https://t.co/YcT3ofgi9z… https://t.co/ADN5wYC1pm
— Delivered by Feed43 service pic.twitter.com/kVgIPCtYzB
— Crypto_Deleted (@deleted_crypto) January 19, 2020
DanDarkPill, a well-known Bitcoin influencer, responded to the move on Twitter as,
“FFS @Poloniex just doxxed a user. Don’t use this exchange, it’s run by clowns.”
The incident also drew the attention of MyCrypto.com, an open-source, client-side tool for generating Ether wallets. The platform tweeted,
“Sec Folks, If your marketing team or any team is excempt from security training or oversight, call out & gtfo. This is crypto. Marketing Folks, YOU ANNOUNCE WINNERS HAVE BEEN CHOSEN TO MAKE THE LOSERS SHUT UP NOT TO NOTIFY THE WINNERS. Poloniex, You died last year bro go home.”
Taking BitMEX’s data breach into consideration, Oz Mishli, VP of Products at Unbound Tech, had told AMBCrypto that one of the risks posed by email ID leaks is that fraudsters would attempt to access the victims accounts, “mainly by using compromised password DBs from past breaches (and relying on password reuse by the victim across different services).”
Rand0mGuest2, a Twitter user, said,
“If they breached id’s like binance that would be worse and solely on the exchange. This was easily preventable. But sure”
Another controversy the exchange was embroiled in was the delisting of Digibyte after a squabble with its Founder on Twitter. In a series of Tweets about Tron, Jared Tate opined that he was “royally pissed” that his data, including his friends, families, and Digibyte customers’ personal data, is in the hands of Poloniex, further remarking, “Or the $TRX shill factory as we should call it.” To this, the exchange replied,
“We don’t own any US customers’ data as all of them are preserved by Circle. BTW, after careful review, we decided #DigiByte is not qualified for our listing standards. We will delist $DGB soon. Details to be announced.”