We've detected that you're using a large display. Want to switch to the desktop version of the site?

Poloniex is taking steps to remove our margin and lending products for US-based customers. These changes are part of our ongoing commitment to ensure that Poloniex complies with regulatory requirements in every jurisdiction.

As part of this effort, customers who have never transferred funds to their margin or lending accounts will no longer be able to access the Margin Trading, Lending, or Transfer Balances pages.

Posted by Poloniex Team on 2018-10-30 18:39:39

Logged Out

Your session has expired or you have logged out from another window.

Please log in to trade or press OK continue.


Confirm Withdrawal

Please enter your six-digit Google Authenticator code. Invalid 2FA code.

Febuary 25, 2017

Cloudflare's parser bug has far-reaching impact

Due to the widespread impact of Cloudflare's recently-discovered parser bug (also known as CloudBleed), we highly recommend that our users change their passwords and enable 2FA immediately. API users should also generate new keys.

This affects many more sites than Poloniex, including other exchanges. It is imperative to use unique passwords and 2FA for all services you use.

What happened?

Cloudflare is a content distribution provider that supports some of the most highly trafficked sites on the internet, including Yelp, Medium, and The New York Times.

A Google researcher recently uncovered a flaw where, under certain circumstances, sensitive user information could leak based on the way Cloudflare was parsing and caching HTTP requests. Since Poloniex utilizes Cloudflare's content distribution services, there is a chance that some of our customer's private information could have been revealed.

What is the likelihood that this affects me?

Although it is possible that data leaked from any request made between September 22, 2016 and February 18, 2017, it is estimated that the vast majority of leaks occurred during the final week of the bug, when approximately 0.00003% of HTTP requests were affected. Although it is unlikely your data was leaked, you should assume that all sensitive data submitted to, or received from, any affected site could have been revealed during the 6 months the bug was active. This data includes your username and password if you logged in during this period, your 2FA secret key if you enabled 2FA during this period, and any API secret keys you viewed during this period.

Cloudflare is unable to determine exactly what information was compromised during the affected period. We do know that the bug has since been patched.

What can I do about it?

We urge all Poloniex users to change their passwords and enable 2FA. API users should delete any keys viewed or generated on or before February 18th and create new ones. We highly recommend API users utilize the IP whitelisting feature for all keys.

In addition, you should immediately change your password and enable 2FA if you have accounts on any of the affected sites indicated in this running list. For your safety, it is critical that you use unique passwords and 2FA for all services you use.

- The Poloniex team