KuCoin, in a statement on September 26, said that according to an internal security audit report, it discovered several large crypto withdrawals. The tokens included bitcoin, Ethereum (ERC20), and more than 150 other tokens from different hot wallets.
The exchange remained silent on the matter, immediately after the incident, stating that they needed time to provide comprehensive coverage of exactly what happened. When KuCoin Global CEO Johnny Lyu finally gave an official report, he noted that the amount hacked was more than the stipulated amount, reaching around $200 million.
Hackers Accessing KuCoin
The first analysis reported by Johnny Lyu said that the hackers found a way whenever a zero-day bug or social engineering approach to hack the KuCoin database. The hackers also stole several users’ private keys and transferred all the crypto from their hot wallets to a new one they controlled. Users with cold wallets were, however, not affected.
Blockchain technology makes it so hard for hackers to violate a decentralized network, leverage the nodes to execute a 51% attack, and revert the immutable ledger to steal money. Hence, hackers tend to shift their focus on cutting-edge interfaces and target ISPs, wallet providers, and exchanges or following social engineering techniques. It allows them access to the users’ cryptographic keys, using limited resources at a lower cost.
Selling the Loot on Uniswap
In a series of tweets on September 27, Whale Alert reported that the KuCoin hackers had moved 540,000 Synthetix Network tokens (SNX), worth roughly $2.7 million to new wallets.
Analysts say that the unknown hacker behind the KuCoin breach is selling the crypto through Uniswap. KuCoin noted some of the suspicious addresses and informed the public to avoid trading with them.
Transactions made on Uniswap are traceable using blockchain explorers. Even if the tokens get converted to Ether, the stolen amounts would still leave traces. Exchanges can hence suspend any exchange address that is associated with the tainted funds.
Other Exchanges’ Contributions in Containing the Hack
An attempt to sell millions of dollars worth of traced funds immediately after hacking is risky. It is because significant exchanges are on the lookout, trying to trace the stolen crypto.
Bitfinex and Tether’s Chief Technology Officer Paolo Ardoino said that the company had frozen $13 million worth of Tether USDT on the EOS blockchain on Twitter. It also froze another $20 million in USDT on the Ethereum blockchain, suspected to be related to the hack.
The Ocean Protocol Foundation, the group behind Ocean and one of the small cryptocurrencies stolen in the hack, also acted quickly. Its statement indicated that it was initiating a “hard fork” of the Ocean Token contract to reverse the stolen Ocean tokens.
KuCoin noted that it is in contact with other leading cryptocurrency exchanges, including Huobi, Binance, OKEx, BitMax and ByBit, to have the stolen funds frozen. KuCoin is also communicating with law enforcement and relevant blockchain projects.
Velo Labs announced that it would invalidate all 122 million VELO tokens stolen in the hack, worth about $76 million. VIDT Datalink will freeze 14 million VIDT, which is worth around $6.4 million. SilentNotary will replace all of its tokens, including the $94,692 affected. Ocean Protocol just paused its smart contract until the hack issues get settled, after losing $8.6 million.
KuCoin Will Cover All User Losses
In a Livestream, KuCoin’s CEO, Johnny Lyu, confirmed that all victims affected by the hack would get compensated via KuCoin’s insurance fund. KuCoin had also tweeted about their plans to pay all affected users fully.
The company has announced a $100,000 bounty in exchange for valid information concerning the hack. In the meantime, suspension of all deposits and withdrawals is effective until further notice.
Crypto Prices Unfazed by the Hack
Even with the KuCoin hack, traders appear unworried that the hacker’s open market sales will drop the Ethereum price. Moreover, bitcoin remains stable above $10,700 even after the hack.
On September 26, whale clusters at $10,407 grew following the recent BTC rally above $10,700. The data indicates that whales have been accumulating above $10,000, depicting an overall healthy market sentiment. The resilience of bitcoin, despite a high-profile security breach, shows the strength of the ongoing uptrend.
Kucoin users stated that the exchange has satisfactorily handled the hack. The exchange assures all its customers that all its operations will be back in a week.
