Singapore-based cryptocurrency KuCoin disclosed a major security breach on Sept. 26, emptying all hot wallets connected to its app.
A mega hack announced affected the company’s systems, with losses reaching $150 million. KuCoin uses hot wallets as a temporary storage system in exchanging assets on the platform. These wallets are stored on the cryptocurrency management apps, while cold wallets are stored offline.
The cryptocurrency firm claimed that it detected major movements on the hot wallets on Sept. 26, when ‘some large withdrawals’ were made at around 7:05 UTC time. CEO Johnny Lyu said hackers obtained the private keys on the platform’s hot wallets.
Following the incident, KuCoin transferred what’s left onto the new hot wallets, then froze customer deposits and withdrawals after. Moreover, the cryptocurrency exchange firm said its cold wallets were unaffected, considering these aren’t connected to the Internet.
Coins affected, BSV, ETH, LTC, XRP, Stellar Lumens, Tron, and Tether wallet addresses were transferred. Following this incident, several cryptocurrency exchanges blacklisted the addresses, then create new ones.
KuCoin has a unique platform and is able to process a massive volume of a cryptocurrency exchange in a day. According to the company, the average daily volume of transactions amounts to $100 million, ranking as one of the busiest trading exchanges in the cryptocurrency market.
Tether moved quickly to transfer all its assets linked to the security breach. Bitfinex froze all its USDT accounts associated with the KuCoin hacking. The two companies froze nearly $33 million in total, to prevent hackers from accessing the linked apps.
The $150 million in total loss comprises 22 percent of the overall lost funds. A technical officer from Bitfinex Paolo Ardoino said, “Bitfinex froze 13M Tether USDt on EOS as part of the hack, Tether just froze 20M USDt sitting on this Enthereum address.”
Meanwhile, KuCoin is already coordinating with law enforcement to perform a series of investigations. CEO Lyu said, “Some effective measures have been taken, and we will update with more details soon.”
Leads from other cryptocurrency experts claimed that the hacker performed traceable movements with the stolen currency. Dovey Wan said from Primitive Crypto said, “The hacker who hacked KuCoin apparently is a Defi noob, tried to sell on Binance and didn’t swap the tained USDT on Curve.”
KuCoin said it would reimburse all lost funds from users and access funding from the cold wallets.