Roughly $281 million of an Asian cryptocurrency exchange’s funds have been compromised in a security breach.
In a live stream on 4:30 UTC Saturday, KuCoin CEO Johnny Lyu said one or more hackers obtained the private keys to the exchange’s hot wallets. KuCoin transferred what was left in them to new hot wallets, abandoned the old ones and froze customer deposits and withdrawals, Lyu said.
KuCoin’s cold wallets were unaffected, Lyu claimed. Cold cryptocurrency wallets are not connected to the Internet and are considered more secure than hot cryptocurrency wallets.
Two Ethereum wallets belonging to KuCoin have sent more than 11,480 ETH, which currently trades at a price of about $350, to the Ethereum wallet address associated with the hack, according to data from blockchain explorer Etherscan.
The Ethereum wallet address has also received over 150 Ethereum-based tokens worth more than $150 million from the two KuCoin Ethereum wallets, Etherscan’s data shows.
The cryptocurrencies are trading at roughly $10,700 per BTC, $165 per BSV, $45 per LTC, $0.25 per XRP, $0.07 per XLM, $0.02 per TRX and $1 per USDT, as of writing.
Tether and several cryptocurrency assets and exchanges such as Bitfinex have blacklisted the wallet addresses, according to the updated statement.
Over 200 cryptocurrency assets trade on KuCoin with a combined daily average volume of around $100 million, ranking it as one of the busiest trading exchanges, according to the cryptocurrency data site CoinGecko.
The price of KuCoin’s exchange token KCS fell by 14% to $0.86 within an hour on Saturday as news of the security breach spread on social media.
KuCoin is investigating the hack with international law enforcement and stolen customer money will be “covered completely” by an insurance fund, Lyu said in the livestream, though the exchange has since recovered about $204 million in stolen funds, Lyu informed users in a Tweet on Oct. 3.
UPDATE (Sept. 27, 2020, 1:00 UTC): Addresses and balances for cryptocurrency wallets associated with KuCoin’s hack have been added.
UPDATE (Oct. 8, 2020, 00:25 UTC): The amount of stolen cryptocurrency reflects two additional bitcoin wallet addresses and recovered assets
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.