KuCoin underwent a brutal hack last week that resulted in millions of dollars worth of coins lost. While the first number reported was $150~160 million due to a lack of transparency on part of the exchange, new information suggests that up to $250 million worth of coins were siphoned out of the exchange’s accounts over a few hours.
Most of the tokens were based on Ethereum, with 60 percent of the capital stolen being made up by ERC-20 tokens such as Synthetix Network Token, Ocean Protocol Token, and more.
This was a concern for many of the tokens stolen: KuCoin was known for supporting large altcoin markets, sometimes making up a majority of the liquidity and volume of a project.
So, some projects were quick to take action with the emergency tools they had.
As CryptoSlate reported previously, Ocean Protocol was the first to take action. The project used its admin keys to render $8 million worth of the OCEAN tokens worthless, forking the protocol to give users a new token where the hacked funds were not accessible by the attacker.
Other protocols followed suit, including Tether, which froze $22 million worth of the USDT stablecoin, Covesting, KardiaChain, VIDT Datalink, and a few others. Decrypt reports that $130 million worth of the $150 million in ERC-20 tokens stolen are now worthless/cannot be transferred.
Bitcoin maximalists, others criticize DeFi after these token freezes
Many Bitcoin maximalists and others in the space were quick to point out that these projects freezing hacked funds are in clear violation of the “decentralized” aspect of DeFi.
The critique was that if a set of admins can arbitrarily freeze or fork their protocol to achieve some agenda, it was not decentralized. The critics were right in this sense, but wrong in saying that the tokens that were frozen represent all of DeFi.
Cyrus Younessi, part of the risk team at MakerDAO, recently asserted that none of the DeFi protocols he uses and has analyzed has admin functions that would allow them to do what Ocean Protocol and other projects did:
“Literally none of the DeFi protocols I use have admin keys or freeze functions. Or, if they do, it’s clearly stated and not a surprise. Basing an anti-DeFi argument off KuCoin tokens being frozen is, surprise surprise, yet another strawman by salty folks.”
Literally none of the DeFi protocols I use have admin keys or freeze functions. Or, if they do, it’s clearly stated and not a surprise.
Basing an anti-DeFi argument off KuCoin tokens being frozen is, surprise surprise, yet another strawman by salty folks.
— cyrus.ismoney.eth (@cyounessi1) September 28, 2020
Hacker stakes his Yearn.finance (YFI)
In a testament to Younessi’s comment, it appears that the hacker, who stole 4.44 Yearn.finance tokens from KuCoin, is now staking his coins in the protocol’s governance module.
Because Yearn.finance doesn’t have admin functions that more centralized Ethereum protocols have, his vote is worth just as much as everyone else’s.
⚠ 4.44 #YFI (111,998 USD) of stolen funds transferred from Kucoin Hack 2020 to unknown wallet
— Whale Alert (@whale_alert) September 29, 2020