“The hacker found a vulnerability in the code that takes withdrawals. … The hacker discovered that if you place several withdrawals all in practically the same instant, they will get processed at more or less the same time,” Poloniex owner Tristan D’Agosta?explained in a forum post. “This will result in a negative balance, but valid insertions into the database, which then get picked up by the withdrawal daemon.”
Another person on the forum estimated the total loss at approximately $50,000.
“I take full responsibility for this and am committed to repaying the debt of BTC,” D’Agosta added. “The exchange funds are 12.3 percent short. Because there is not enough BTC to cover everyone’s balances, all balances will temporarily be deducted by 12.3 percent.”
As funds are raised from exchange fees, the deducted amounts will be returned to users’ balances.
“I sincerely apologize for this, and I am very grateful to the many people who have already expressed their support and belief in my character,” D’Agosta wrote. “I take full responsibility; I will be donating some of my own money, and I will not be taking profit before the debt is paid.”