The website of Bitcoin exchange Poloniex was hacked, and an unidentified hacker stole approximately $50,000 in Bitcoins. The hacker placed multiple withdrawal requests at the same time, which resulted in a negative balance while the requests were still processed. Poloniex owner Tristan D’Agosta explained in a forum post:
The hacker found a vulnerability in the code that takes withdrawals. Here’s what happens when you place a withdrawal:
1. Input validation.
2. Your balance is checked to see if you have enough funds.
3. If you do, your balance is deducted.
4. The withdrawal is inserted into the database.
5. The confirmation email is sent.
6. After you confirm the withdrawal, the withdrawal daemon picks it up and processes the withdrawal.
The hacker discovered that if you place several withdrawals all in practically the same instant, they will get processed at more or less the same time. This will result in a negative balance, but valid insertions into the database, which then get picked up by the withdrawal daemon.
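The check-then-deduct race described in the post, next to an atomic form of the same steps, as an added example that is not Poloniex's code. The table layout, function names and amounts are assumptions, and the near-simultaneous requests are modelled by running every balance check before any deduction.

```python
import sqlite3

def make_db(balance):
    # Constructed sample data: one account and an empty withdrawal queue.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, balance INTEGER)")
    db.execute("CREATE TABLE withdrawals (account_id INTEGER, amount INTEGER)")
    db.execute("INSERT INTO accounts VALUES (1, ?)", (balance,))
    return db

def read_balance(db, account_id):
    row = db.execute("SELECT balance FROM accounts WHERE id = ?", (account_id,))
    return row.fetchone()[0]

def racy_withdrawals(db, account_id, amounts):
    # Steps 2-4 as separate statements. Every request passes its balance
    # check (step 2) before any request deducts (step 3), which is the
    # interleaving that requests placed in the same instant can produce.
    approved = [a for a in amounts if read_balance(db, account_id) >= a]
    for amount in approved:
        db.execute("UPDATE accounts SET balance = balance - ? WHERE id = ?",
                   (amount, account_id))
        db.execute("INSERT INTO withdrawals VALUES (?, ?)", (account_id, amount))
    return len(approved), read_balance(db, account_id)

def atomic_withdraw(db, account_id, amount):
    # The check and the deduction are one conditional UPDATE, so nothing
    # can run between them. The queue row is inserted only if it matched.
    with db:  # one transaction: deduction and queue insert commit together
        cur = db.execute(
            "UPDATE accounts SET balance = balance - ? "
            "WHERE id = ? AND balance >= ?",
            (amount, account_id, amount))
        if cur.rowcount != 1:
            return False
        db.execute("INSERT INTO withdrawals VALUES (?, ?)", (account_id, amount))
        return True

def atomic_withdrawals(db, account_id, amounts):
    approved = sum(atomic_withdraw(db, account_id, a) for a in amounts)
    return approved, read_balance(db, account_id)

if __name__ == "__main__":
    print(racy_withdrawals(make_db(100), 1, [100, 100, 100]))    # (3, -200)
    print(atomic_withdrawals(make_db(100), 1, [100, 100, 100]))  # (1, 0)
```

A `CHECK (balance >= 0)` constraint on the balance column is a useful second backstop, since it makes the database reject any deduction that would go negative regardless of application logic.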