Hackers Breach KuCoin’s Hot Wallets, Steal $150 Million
- The hackers reportedly obtained the private keys to the wallets and transferred ETH and ERC-20 tokens to an unknown address.
- The exact size of the compromised funds is still not confirmed, but estimates currently place the loss at around $150 millio.
Photo from Freepik
On September 26, digital asset exchange KuCoin released a statement regarding a recent security breach of its hot wallets, where supposedly 11,000 ETH had been moved out to an unknown address.
According to the statement, a recent internal security audit report found out that part of Bitcoin, ERC-20, and other tokens in KuCoin’s hot wallets were compromised, containing few parts of their total assets holdings. Hot wallets are said to have been redeployed after the hackers obtained the previous ones’ private keys, with cold wallets being unaffected by the breach. The exchange reassured clients that any losses to user’s funds will be completely covered by the company’s insurance fund.
Moreover, a thorough security review will be conducted to ensure that remaining customer assets are intact and secure. KuCoin reported that deposit and withdrawals will be suspended during this period, after which the service will be gradually restored.
Judging by info provided by Etherscan, two Ethereum wallets belonging to the exchange sent more than 11,000 ETH, which is currently worth about $350 a piece, to an unknown wallet address. Previously, the address had also allegedly received $150 million worth of Ethereum-based tokens from other sources. As over 200 crypto assets are being traded on the Asian exchange, KuCoin’s daily volume averages $100 million at present. With so many tokens being transferred back and forth on the platform, the exact size of the compromised cryptocurrency assets is yet to be known. Best current estimates fall around $150 million.
After announcing the security breach, KuCoin’s token, KCS, fell in price by 14% within an hour. International law enforcement will join KuCoin in investigating the stolen funds and the public will be regularly updated on the development of the situation.
“As “The People’s Exchange”, we will take full responsibility and maintain transparency. To keep you updated regarding the latest updates, our CEO Johnny Lyu will update more details through a livestream at 12:30 (UTC+8), September 26, 2020,” the company said in the statement.
- The updated KYC checks will be introduced on 15 July, after which new users will be required to complete the process in order to gain full access to the exchange’s services.
- Existing users who fail to complete the KYC checks will face limitations on the platform, such as being unable to deposit new funds and only having access to certain services.
Shutterstock
- The Twitter account of the crypto exchange was compromised for roughly 45 minutes on Monday, resulting in 22 transactions connected to the hack.
- KuCoin has calculated that the total asset losses were 22,638 USDT, and noted that it will fully reimburse users affected in the incident.
- CEO Changpeng Zhao pledged on Tuesday to implement a Proof-of-Reserve mechanism at Binance to provide full transparency, and called on all industry players to follow suit.
- KuCoin, Poloniex, Huobi, and OKX were among the first crypto exchanges that promised to publish proof of their reserve holdings within a month.