KuCoin, which touts itself as “the most advanced and secure cryptocurrency exchange to buy and sell Bitcoin, Ethereum, Litecoin, TRON, USDT, NEO, XRP, KCS, and more” has been hacked, and $150 million in funds may be gone.
The company confirmed that late on September 25 (UTC time), “Bitcoin, ERC-20 and other tokens in KuCoin’s hot wallets were transferred out of the exchange.”
(1/4) We detected some large withdrawals since Sep 26 at 03:05 UTC+8. According to the latest internal security audit report, part of BTC, ERC-20 and other tokens in KuCoin's hot wallets were transferred out of the exchange, which contained few parts of our total assets holdings
— KuCoin (@kucoincom) September 26, 2020
It maintains that, while its hot wallets were hit, its cold wallets are safe. Moreover, it claimed in its announcement, “If any user fund is affected by this incident, it will be covered completely by KuCoin and our insurance fund.”
MORE FROM AFRIUPDATE
(2/4) We are locating the reason for the incident, and will keep you updated once it is confirmed. Please rest assured that if any user fund is affected by this incident, it will be covered completely by KuCoin and our insurance fund.
— KuCoin (@kucoincom) September 26, 2020
KuCoin Hacked – The trouble started when users started complaining about withdrawal issues.
Initially, KuCoin’s admin team seemed to maintain that it was experiencing a systems issue. At least one admin message on KuCoin’s Telegram channel indicated that users should not withdraw or deposit funds “given the situation.” It claimed that “transactions are simply pending.”
(3/4) To ensure the security of users' assets, we will conduct a thorough security review. The deposit and withdrawal service will be suspended during the period. We will restore the service gradually after ensuring a safe state. We will keep you updated.
— KuCoin (@kucoincom) September 26, 2020
It then became apparent that about $150 million worth of tokens had been moved to a different address. The address received transactions of 11,484 Ether, worth roughly $4 million, plus $146 million in transactions of other tokens. Many are little-known, such as Gladius, Chroma, Ocean Token, and Hawala, but there were also Maker, OMG, and YFI tokens in the mix.
Adding to the confusion, Crypto data company Cryptoquant noticed that a large amount of Bitcoin left the KuCoin wallets quickly then stopped. “Since 20:00 UTC on September 25th,” it tweeted, “the outflow has continuously been zero.”
It seems #Kucoin got hacked.
Usually, after being hacked, the $BTC outflow increases rapidly and then becomes zero. Since 20:00 UTC on September 25th, the outflow has continuously been zero.
Chart: https://t.co/kHsUEzh92C pic.twitter.com/qgycevVsnT
— CryptoQuant.com (@cryptoquant_com) September 26, 2020
According to Cryptoquant CEO Ki Young Ju, that spike is a telltale sign of a hack. If it were merely a systems issue, outflows would go straight to zero without a spike.
KuCoin CEO Johnny Lyu held a livestream early on September 26 to provide more details.
KuCoin CEO Johnny Lyu livestream starts now https://t.co/gsM6XLjMRX https://t.co/V5c6MFlXE0
— KuCoin (@kucoincom) September 26, 2020
Read Also: Cryptocurrency Wallet, Exchange And Types Explained
According to Lyu, after realizing that money was being transferred out of a KuCoin-owned hot wallet, they shut down the server. However, transfers continued because the private key to the hot wallet had been compromised. KuCoin then transferred untouched funds to a new address.
KuCoin has not confirmed the amount that was taken.
According to data from CoinMarketCap, KuCoin, based in Singapore is the 16th-most-popular crypto spot exchange when taking into account trading activity, traffic, and volume. It’s responsible for $112 million in volume over the last 24 hours.
Follow our socials Whatsapp, Facebook, Instagram, Twitter, and Google News.
