Kucoin hacked for $150 million in bitcoin and ERC20 tokens

Spread the love

Crypto exchange Kucoin may have been hacked for $150 million in bitcoin and ERC20 tokens. The Singapore-based exchange confirmed the September 25 security breach, but did not revealed the amount of stolen assets.
“Bitcoin, ERC-20 and, other tokens in Kucoin’s hot wallets were transferred out of the exchange,” said Kucoin in an update on Saturday.
Meanwhile, Bitfinex and Tether, issuers of the centralized stablecoin USDT, immediately froze a combined $33 million worth of USDT suspected to be part of the funds looted in the Kucoin hack.
Paolo Ardoino, chief technology officer of both entities, said in a twitt that Bitfinex froze $13 million USDT on EOS as part of the hack. Tether froze $20 million USDT “sitting on this ethereum address as a precautionary measure,” he said.
In its update, Kucoin maintains that funds in its cold wallets (offline storage, which is more difficult to be hacked) are safe, even as the hot wallets were hit. Kucoin tried to calm fretful investors, saying: “If any user fund is affected by this incident, it will be covered completely by Kucoin and our insurance fund.”
Kucoin, which calls itself “as the most advanced and secure cryptocurrency exchange”, said it will be suspending deposits and withdrawals to pave way for what it calls “a thorough security review.”
But these issues appear to have already been happening while the hack was taking place. Clients started having difficulties with withdrawals on September 25th, long before the exchange had made any official announcement regarding the breach.
On September 25, at 9:55 p.m. (ET), the onchain analysis company Cryptoquant’s Telegram signals channel detailed that Kucoin was hacked. “Usually, after being hacked,” Cryptoquant signals channel said. “The BTC outflow increases rapidly and then becomes zero. Since 20:00 UTC on September 25th, the outflow has continuously been zero.”
The Kucoin team claimed that “the transactions were simply pending.” It later emerged that about $150 million worth of BTC and other tokens had been spirited out of the exchange.
More than 11,480 ether (ETH), worth over $4 million, was received into this address. A further $146 million involved transactions related to tokens such as ampleforth, maker, OMG and YFI – all decentralized finance (defi) tokens. Others are little known digital assets like chroma, vid, and ocean token.
Kucoin chief executive officer Johnny Kyu later told its clients in a livestream event on Saturday that the exchange shut down its server as soon as it noticed funds were being moved out of its hot wallets.
The intervention failed since the private passwords to the hot wallet had already been impaired. Kucoin then switched the unaffected funds to a new address. Kucoin is the world’s 16th largest cryptocurrency exchange by volume, according to Coinmarketcap data.

Leave a Reply

Your email address will not be published.