Cryptocurrency exchange Poloniex announced on Tuesday that a hacker had made off with 12.3 percent of its Bitcoins.
Addressing the incident on Bitcoin Forum under the moniker “busoni,” the owner of the exchange revealed that the attacker leveraged a vulnerability in the website's withdrawal protocol, which allowed them to swipe the Bitcoins.
When several withdrawals are placed at the same time, they are all processed “at more or less the same time,” he wrote. The overdrawn accounts end up with a negative balance, but Poloniex's security features did not “explicitly” look for negative balances.
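The flaw described above is a check-then-debit race. The following is an added example, not Poloniex's code (which the article does not show): it contrasts the weak pattern with an atomic conditional debit backed by a database constraint. The `accounts` table, the function names and the amounts are assumptions constructed for illustration, and the concurrency is simulated deterministically by performing every balance read before any debit.

```python
import sqlite3

def make_db(with_check):
    # Constructed sample ledger: account 1 holds 10 units (hypothetical schema).
    db = sqlite3.connect(":memory:")
    guard = "CHECK (balance >= 0)" if with_check else ""
    db.execute(f"CREATE TABLE accounts (id INTEGER PRIMARY KEY, balance INTEGER NOT NULL {guard})")
    db.execute("INSERT INTO accounts VALUES (1, 10)")
    return db

def balance_of(db, account):
    return db.execute("SELECT balance FROM accounts WHERE id = ?", (account,)).fetchone()[0]

def withdraw_check_then_debit(db, account, amounts):
    """Weak pattern: each request is validated against a balance read
    before any of the other in-flight debits has been written."""
    stale_reads = [balance_of(db, account) for _ in amounts]  # all requests read first
    approved = 0
    for seen, amount in zip(stale_reads, amounts):            # then all requests debit
        if seen >= amount:
            db.execute("UPDATE accounts SET balance = balance - ? WHERE id = ?", (amount, account))
            approved += 1
    return approved, balance_of(db, account)

def withdraw_atomic(db, account, amounts):
    """Hardened pattern: the sufficiency check and the debit are one statement,
    so a request only succeeds against the balance as it is at write time."""
    approved = 0
    for amount in amounts:
        cur = db.execute(
            "UPDATE accounts SET balance = balance - ? WHERE id = ? AND balance >= ?",
            (amount, account, amount))
        approved += cur.rowcount  # 1 if the debit applied, 0 if refused
    return approved, balance_of(db, account)

def constraint_stops_overdraft():
    """Defence in depth: with CHECK (balance >= 0) the weak code path fails
    loudly on the first overdrawing debit instead of going negative."""
    db = make_db(with_check=True)
    try:
        withdraw_check_then_debit(db, 1, [8, 8, 8])
    except sqlite3.IntegrityError:
        return balance_of(db, 1)  # the failed statement left the balance untouched
    return None

if __name__ == "__main__":
    print(withdraw_check_then_debit(make_db(False), 1, [8, 8, 8]))
    print(withdraw_atomic(make_db(True), 1, [8, 8, 8]))
    print(constraint_stops_overdraft())
```

The constraint alone turns a silent negative balance into an error that can be alerted on, which is the explicit check the exchange owner said was missing.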
Once the abnormal withdrawal activity was detected, Poloniex froze transactions before any more damage could be done, unlike exchange Flexcoin, which lost all of its funds.
The exchange owner plans to repay all customers through a personal donation and through exchange fees, which were temporarily raised.