On Sunday at 22:00 UTC, Ocean Protocol announced it had migrated from its old token address to a new one to thwart the KuCoin hacker’s attempts to offload 21 million OCEAN tokens worth some $8.6 million. According to a Sept. 27 blog post from the Ocean Protocol team:
“At 1600 GMT, a new contract was instantiated reflecting the balances of OCEAN as of block height 10943665 on the Ethereum mainnet. The new smart contract will allocate stolen token balances to an address which will be held in trust in Singapore for persons affected by the theft.”
Moving contract addresses has effectively blacklisted the hacker’s stash of OCEAN tokens. But it also raises questions of the project’s true immutability if the protocol can be effectively hard-forked in one weekend.
Prior to the hard fork, the hacker offloaded some 330,000 OCEAN tokens worth $120,000, according to The Block’s head of research, Larry Cermak. Ocean Protocol has a liquid supply of 587,622,921 OCEAN tokens with a maximum supply of 1.4 billion OCEAN.
Singapore-based KuCoin was hacked Friday beginning at 19:05 UTC. The hacker gained access to the platform’s hot wallet keys, said KuCoin CEO Johnny Lyu in a weekend livestream.
Lyu said the platform intends to cover for hacked losses with insurance funds.
OCEAN’s price fell as much as 8% from $0.399 per token to $0.365 as the hacker sold the stolen tokens in tranches of 10,000 coins, according to CoinGecko. He or she then moved onto other holdings including COMP, SNX and LINK after the contract was paused.
The hacker swapped stolen ERC-20 tokens for ether (ETH), the native currency of the Ethereum blockchain. These swaps have largely been facilitated by Uniswap, a popular decentralized exchange (DEX) due to a novel liquidity model that reduces price slippage.
The Ocean Protocol team did not return questions for comment by press time.