Can a simple password reset be the solution to securing a complicated digital asset? Cryptocurrency exchange Poloniex thinks so. In a post published on Cointelegraph, the exchange mailed all its customers proactively, asking them to reset their account login credentials. The irony was that many thought the genuine request for a password reset sounded like a phishing attempt. The exchange took this measure after a Twitter post shared an image of an email from Poloniex.
Poloniex account leak
The alert claimed that someone had leaked several email addresses and passwords on Twitter with a claim that these accounts belonged to Poloniex customers. Once the data leak was made public, the exchange instructed an immediate password change. The alert received a mixed bag in terms of responses. Poloniex’s customer support team added to the thread, claiming that it was a genuine request for a password reset.
According to the tweeted image, the exchange checked all the leaked email addresses and claimed, “Almost all of the email addresses listed do not belong to Poloniex accounts.” The password change was mandatory for security purposes—especially for the addresses that were part of the leak.
Poloniex on Zcash Wallet and 2FA
In addition to the password change request, two more tweets seemed connected to the data leak. The timing of these events might seem like too much of a coincidence.
The first tweet was a notification for the disabling of the Zcash (ZEC) wallet. Poloniex customer support claimed the service was inactive due to maintenance. But this isn’t the first time Poloniex had disabled ZEC wallets on its portal. It also temporarily deactivated them for maintenance in 2017 and 2018. In 2017, when Poloniex disabled the services, users of Zcash wallets raised concerns. Users were anxious about the delayed activity in the wallet and worried about their funds. The Merkle published a post that fueled rumors of an exit scam by Poloniex. At the time, the exchange hadn’t discussed when Zcash wallet services would resume. Until further updates, the wallet functionalities will stay inactive.
The second tweet by Poloniex customer support was a step-by-step guide for the enaction of 2FA (two-factor authentication). 2FA improves security for all users. It doesn’t matter if your email address was part of the Twitter leak or not—it’s a good idea to turn on 2FA.
Poloniex in 2019
Set up in 2014, Poloniex lists over 60 cryptocurrencies for trading. But after five years of operating in California, it seems Poloniex is planning to shift its base. The exchange announced that crypto traders in the US couldn’t trade in the portal starting on November 1. Customers received a notification along with a request to withdraw their funds before December 15, 2019. Shifting from the US, Poloniex plans to target crypto traders in the Asia-Pacific region. It has also launched pwang.com, a dedicated exchange for Asia-Pacific traders.
Circle acquired Poloniex in February 2018 for $400 million. But after a year and a half, Poloniex spun off from Circle as an independent entity, Polo Digital Assets. The newly created business has backing from an investor in Asia and set up an office in Hong Kong this year. Considering the company’s support in Asia and its new office in Hong Kong, moving might seem like the best strategic decision. Let’s not forget that Poloniex no longer provides access to traders from the US. In my opinion, Poloniex could shift its base to Asia permanently.
While some of these recent events might raise concerns, Poloniex is still an active exchange. I can’t deny that some of these coincidences seem fishy. The company’s restricting access to US traders at a time when the Cryptocurrency Act of 2020 seems imminent, disabling Zcash wallet alongside the data leak, and increasing its focus on Asia all seem a little scary.