KuCoin, the Singapore-based crypto exchange experienced a ‘security incident’ on September 26. That incident resulted in the loss of more than $150 million worth of different cryptos. The hot wallets of this exchange were targeted and hackers managed to compromise and drain them of Bitcoin and Ethereum.
The crypto exchange reported the event as a “security incident.” They reaffirmed:
“part of Bitcoin, ERC-20, and other tokens in KuCoin’s hot wallets were transferred out of the exchange.”
Whale Alert, a monitoring resource tracked most coins sent to this particular address. Experts believe that the many small transactions sent to that address were mainly for testing purposes. Some of the other altcoins that were stolen from KuCoin’s hot wallets include SNX, DX, DGTX, AGI, SNT, DRGN, and more.
The cryptocurrency exchange suspended all withdrawals and deposits while doing a “thorough security review” to prevent any further illegal withdrawals. KuCoin claimed that it has re-deployed the hot wallets after that incident. According to their official statement, the cold wallets are unharmed and the users who lost their money will be repaid by the exchange and its insurance fund.
Changpeng Zhao, Binance CEO, and other prominent people in the crypto space have shown their support. He promised that his company will “actively” help during the investigation. KuCoin’s native crypto experienced severe consequences instantly. KuCoin Shares (KCS) dropped from over $1 to $0.86 in minutes. Since then, the token has recovered some ground and it is trading just below $1.
Insurance To Cover The KuCoin Hack
After that KuCoin hack, Johnny Lyu, the CEO of the exchange, explained in a live session what the company intends to do to salvage the situation and give comfort to users. Lyu also noted that although he could not reveal how much of the exchange’s total assets were affected in that incident, the stolen amount is “small for KuCoin.”
The exchange promised to cover all the losses with its insurance fund. Abnormalities were first discovered at 2:51 AM, Sept 26 when KuCoin got an alert from an internal risk-monitoring system. More alerts came in showing abnormal transfers from the hot wallet. By 3:01 AM, the exchange got a notification on its remaining balance from the monitoring system. At 3:04 AM, more alerts were received showing strange XRP withdrawal. The next alert from the company’s hot wallet was that it was running out of balance.
The alerts between 3:05 AM and 3:40 AM showed unauthorized bitcoin withdrawals alongside other tokens. KuCoin set up an urgent task force when the cybercriminals were stealing the funds. The exchange then shut down its wallet servers. Nevertheless, that shutdown did not deter the hackers who continued with their illegal withdrawals and transfers.
At that point, it was clear to the exchange’s management that its private keys of its hot wallets had leaked. They decided to move the remaining balance in the hot wallet to cold storage.
The Strategy To Counter The Criminals
Lyu said that KuCoin will publish the addresses that were used by these criminals on its official channels. A previous report on the hack indicates that the Ethereum address allegedly used for that operation had more than $150 million in ETH and ERC-20 tokens.
The crypto exchange is now cooperating with international police, its biggest clients, and industry experts for an extensive investigation into this hacking. Moreover, Lyu has requested most crypto exchanges like OKEx, BitMEX, Binance, Bitfinex, and Houbi Global to blacklist the hackers’ wallet address and help in the investigation.
Bitfinex CTO Paolo Ardoino said that his exchange has already frozen 13 million USDT on EOS that was suspected to be a part of the hack. Tether also froze the 20 million USDT on Ethereum in the ETH address that was used for the hack. Although trading services are still available, deposits and withdrawals are still suspended until KuCoin finishes its wallet upgrade.