Poloniex Hack Analysis: North Korean Hacking Syndicate Lazarus Group Suspected in Wallet Breach

The North Korea-backed hacker group is thought to be behind the Nov. 10 Poloniex hot wallet breach. A market research platform has said “a leakage of the private key” could be the reason why the hot wallet got breached.

Private Key Leakage


According to X-explore, a market research platform, the recent Poloniex hacking incident was likely carried out by the North Korea-backed cybercriminal entity, the Lazarus Group. X-explore said it came to this conclusion after observing the hackers’ tactics which are somehow similar to those used by the group that breached Stake.com on Sept. 4, 2023.



As reported by Bitcoin.com News on Nov. 10, the Justin Sun-owned crypto exchange Poloniex lost an estimated $114 million after hackers breached its hot wallets. Immediately after the breach was confirmed by onchain analysts, Poloniex announced the temporary disabling of the wallet system.



However, in its short analysis of the incident shared via X, (formerly Twitter), the market research service said “a leakage of the private key” could be the reason why the hot wallet got breached. Concerning its assertion the Lazarus Group was behind the attack, X-explore said:

Different tokens are saved at different addresses. It means each address only deals with one kind of token. Use a middle address to swap [the] ERC 20/TRC 20 token on dex [decentralized exchange] and then transfer the ETH/TRX to the new address.


Meanwhile, in a later post on X, Sun said that the Poloniex team had successfully identified and frozen some of the stolen assets. He also claimed the losses incurred so far were “within manageable limits” and that Poloniex’s operating revenue can sufficiently cover such losses. Sun, however, did not reveal when the crypto exchange is expected to resume deposits and withdrawals.

What are your thoughts on this story? Let us know what you think in the comments section below.