Earlier on September 26, KuCoin, one of the world’s most prominent crypto-exchanges by trading volume, was reportedly hacked. On Friday afternoon, some Twitter users began to notice large withdrawals of Ethereum and ERC-20 tokens from KuCoin’s designated addresses. In just 30 minutes, about $150m worth of ETH tokens got moved from wallets marked “Kucoin” and “Kucoin 2” on Etherscan.
Coins withdrawn were all the capital in the addresses. Users were quick to confirm that it was a hack. The exchange was, however, silent for hours, while its moderators shared very little about what exactly was going on. After they finally gave a report, their social media channels’ admins asserted that users’ deposits were safe.
Security Incident Details
Approximately seven hours after the withdrawals, the company revealed that it had undergone a security incident. The company’s internal security auditing team found that the hackers transferred part of Bitcoin, ERC-20, and other tokens in KuCoin’s hot wallets. The funds withdrawn from the exchange comprised a few parts of our total assets holdings, the exchange stated.
It still has not yet clarified how much got allegedly stolen, but independent analyses show that over $10 million worth of Bitcoin got taken from KuCoin-owned addresses. Ethereum and ERC-20 tokens worth $150 million, most of which are in Alchemy, Tether’s USDT, Ampleforth, and Ocean Token, got withdrawn. Until it asserts the exact amounts withdrawn, this remains mere speculation.
Kucoin confirmed that the funds stolen from Kucoin’s addresses were funds stored in the exchange’s hot wallets. Cold wallets remained safe and unharmed. However, the unknown address has been doing test transactions, with funds it held at the writing time.
User’s Compensation By Kucoin
Kucoin confirmed, in its statement, that all users affected by the incident will be compensated by them and by the firm’s insurance fund. KuCoin also stated that they are locating the venture’s reason and should get time to review the situation properly. They promised that once they had confirmed what happened, they would keep all users updated.
Before the alleged hack, KuCoin Shares (KCS), the exchange’s Ethereum-based token, was relatively stable. The confusion and the suspected lapse in communication on the management’s part led to the KuCoin Shares drop by 11.2%.
While clarifications of the hacks are still pending, analysts have been quick to say that this emphasizes DeFi’s value proposition.
Having decentralized exchanges like Uniswap, users always have custody of their funds; hence, preventing such large-scale hacks from taking place.