Criminals mimic Poloniex in Google Play

Fake Poloniex cryptocurrency trading apps found in Google Store
26 October 2017

One of the most popular cryptocurrency exchanges, Poloniex, has fallen prey to cybercriminals. Because Poloniex lacks an official app, the fraudsters managed to lure users into downloading credential-stealing malware.

ESET security researchers discovered variations of the app in the Google Play store on two separate occasions:

  • “Poloniex”, which was downloaded up to 5,000 times, despite having bad reviews
  • “POLONIEX EXCHANGE”, using the developer name “POLONIEX COMPANY”, which was downloaded by up to 500 users

The app managed to harvest Poloniex login credentials and to trick victims into making their Gmail accounts accessible to the malicious app, allowing the attackers to control notifications to the user about unauthorized logins and transactions. Once the user has been exploited, the app attempts to appear functional by redirecting users to the mobile version of the legitimate Poloniex website.

If you're a Poloniex user and have installed any of these malicious apps on your device, start by uninstalling them. Make sure to change both your Poloniex and Gmail passwords and consider enabling 2-factor-authentication for both services.

ESET research team

Both Google and Poloniex have been notified of the malicious impostors. To prevent similar attacks, users are advised to check twice before downloading and using any app, to pay attention to app ratings and reviews, and to be cautious of third-party apps triggering alerts and windows that appear to be connected to Google.

Poloniex accounts display incorrect amounts, users have problems with account management

Canceled orders on Poloniex do not return money to the accounts; users report losing control of their accounts due to alerts “spazzing out”
18 January 2018

Since yesterday, there have been reports on Poloniex's unofficial subreddit about the platform not returning the funds for canceled orders. It all started with one user expressing his displeasure with the fact, and quickly grew to a whole new level as several more complaints were added over the span of the day. Poloniex even responded on its official Twitter account that an investigation into the malfunction is ongoing.

But there is more. Reports have also surfaced from users whose account balances glitched out and are displaying inaccurate or outright negative amounts. For example, one user reported strange happenings with his margin account. By themselves, the positions show correct values, but the account as a whole is under 16% margin and is full of alerts. Thankfully, no assets are liquidated even under the “Forced Liquidation” alert, but the ability to manipulate anything is lost. Poloniex replied to that issue as well, saying that everything will be corrected in short order.

All of that contributes to a series of problems with Poloniex, which have been mounting for over a year already. Customer service is swamped with tickets and the response times are getting longer. There were complaints about one ticket remaining unanswered for 158 days. Withdrawal times are even stranger: some users have to wait for a month or more to get access to their own money, despite asking the support service for assistance.