TechFlow reports that X-explore has posted a tweet stating they have analyzed the Poloniex hack. The article lists current addresses and balance tables associated with the hacker, suggesting the attack resulted from a private key leak.
Normal withdrawals on Poloniex use the EIP-1559 transaction type, whereas the attack transactions used the Legacy type. X-explore believes the attacker could be the North Korean hacking group Lazarus Group, which previously attacked Stake.com on September 4, 2023. The two attacks show similar behavior, with different tokens stored in separate addresses—each address handling only one type of token.




