The Singapore-based cryptocurrency exchange KuCoin released a statement regarding detecting large withdrawals on September 26, 2020, at 03:05:37 (UTC+8).
The exchange has reportedly lost $150 million worth of funds, although KuCoin hasn’t declared it yet but released “suspicious addresses,” which are constantly updated. As per the company’s internal security audit report, some BTC, Tether, ERC20 tokens, and other cryptos from KuCoin’s hot wallets were transferred out of the exchange.
Tether has already frozen all the stolen USDT, but the community isn’t supportive of the move. This isn’t even the first time they did so; one address in 2017, eight in 2018, seven in 2019, and 24 in 2020 so far has been frozen by the company.
Stay safe everyone!
— Paolo Ardoino (@paoloardoino) September 26, 2020
KuCoin assured that “the assets in our cold wallets are safe and unharmed, and hot wallets have been re-deployed.”
In a live stream, KuCoin CEO Johnny Lyu said one or more hackers “stole” the private keys to hot wallets but those cold wallets, that aren’t connected to the Internet as such considered more secure, were unaffected.
He also said the exchange is in contact with the police and that “all the loss will be covered by KuCoin risk provisions.”
The exchange has transferred the remaining crypto assets to the new hot wallets.
The Asian exchange that trades over 200 cryptocurrencies has a daily trading volume of about $100 million, as per CoinGecko. Following the security breach, its exchange token KCS fell by over 17% but has since recovered to above $0.90.
The trouble at the exchange first started when users complained about withdrawal issues. Initially, it was maintained that the platform was experiencing a system issue, and later, KuCoin’s admin team claimed that “transactions are simply pending,” and funds are SAFU.
While Liu said the amount lost is “small,” that might not be the case, many are pointing out that there could be over 1k BTC and tokens like ETH, LTC, Omni USDT, XRP, YFI, OMG, Maker, Ocean Token, Chroma, Gladius, Hawala, and others lost.
It seems #Kucoin got hacked.
Usually, after being hacked, the $BTC outflow increases rapidly and then becomes zero. Since 20:00 UTC on September 25th, the outflow has continuously been zero.
— CryptoQuant (@cryptoquant_com) September 26, 2020
Currently, the investigation is going on, and a security review will also be conducted. Still, the exchange has said that any losses suffered by a user would be “covered completely” by KuCoin and its insurance fund.
As “The People’s Exchange,” we will take full responsibility and maintain transparency,” said the exchange in an official statement.
For now, the exchange has suspended the deposits and withdrawals service, which will be restored gradually once it ensures a safe state.