On September 26, digital asset exchange KuCoin released a statement regarding a recent security breach of its hot wallets, where supposedly 11,000 ETH had been moved out to an unknown address.
According to the statement, a recent internal security audit report found out that part of Bitcoin, ERC-20, and other tokens in KuCoin’s hot wallets were compromised, containing few parts of their total assets holdings. Hot wallets are said to have been redeployed after the hackers obtained the previous ones’ private keys, with cold wallets being unaffected by the breach. The exchange reassured clients that any losses to user’s funds will be completely covered by the company’s insurance fund.
Moreover, a thorough security review will be conducted to ensure that remaining customer assets are intact and secure. KuCoin reported that deposit and withdrawals will be suspended during this period, after which the service will be gradually restored.
Judging by info provided by Etherscan, two Ethereum wallets belonging to the exchange sent more than 11,000 ETH, which is currently worth about $350 a piece, to an unknown wallet address. Previously, the address had also allegedly received $150 million worth of Ethereum-based tokens from other sources. As over 200 crypto assets are being traded on the Asian exchange, KuCoin’s daily volume averages $100 million at present. With so many tokens being transferred back and forth on the platform, the exact size of the compromised cryptocurrency assets is yet to be known. Best current estimates fall around $150 million.
After announcing the security breach, KuCoin’s token, KCS, fell in price by 14% within an hour. International law enforcement will join KuCoin in investigating the stolen funds and the public will be regularly updated on the development of the situation.
“As “The People’s Exchange”, we will take full responsibility and maintain transparency. To keep you updated regarding the latest updates, our CEO Johnny Lyu will update more details through a livestream at 12:30 (UTC+8), September 26, 2020,” the company said in the statement.