KuCoin Exchange Hacked, Approx. USD 150 Million Worth of Crypto on the Move

Last updated:
Author
Author
Eimantas Žemaitis
About Author

Eimantas is a copywriter, Bitcoin and crypto journalist, and a life-long media student with a strong drive to explore the intersection between all forms of media, money, marketing, education, and the...

Last updated:
Why Trust Cryptonews
Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews

Singapore-based cryptocurrency exchange KuCoin has experienced leakage of its private keys tied with its KuCoin hot wallets, which resulted in a hack of approximately USD 150 million worth of customer funds. The platform has temporarily suspended deposits and withdrawals from its platform, while the team claims its cold wallets remain unaffected, assured the exchange’s CEO Johnny Lyu.

Source: Adobe/Oleksii

___
Read the update here: KuCoin Hack Shows Key Difference Between Altcoins and Bitcoin
___

Per the official announcement, the security incident was first noticed Friday evening (UTC time), September 25, as its risk management systems monitored several abnormal transactions. The total value of lost funds is still being calculated, though looking at the on-chain transactions it is estimated to be around USD 150 million. The hackers have gone away with roughly USD 4 million worth of ether (ETH), and USD 146 million worth of other ERC-20 tokens plus a large amount of bitcoin (BTC).

Timeline of the breach:

At 06:51 PM (UTC) on September 25, 2020, KuCoin team received an alert from the risk management system, showing that an abnormal ETH transaction with the TXID 0x4b738df5d7f12e3fa1cbe83b8165c542da461ef0c9255fc1a3f275259a92623b

After that, several other abnormal transactions for ETH and other ERC-20 tokens were registered, including:

0x56fd1c3c8cc861c8abceafac7a175ccfb53bb87877750b0bfbd9581d8c52c1bc
0x57e205922325104f9d132ff7cdbb7eb94bfe15049b5c71cb7328f72bc69a7122
0xdf1f8ce5d491728a2573591b253e2a9ec6abda723c7d984af1f6f154cd231ed9
0xc3bd740534a530cfa5060daf937a24c5c90b1783550c6d9fa61daa2c1873e734
0x5bf11bd22b6653870c1ba8cad69ae0691e08d9f73762a5adfc9e37f1892d9eee

All abnormal transactions originated from this wallet: 0xeb31973e0febf3e3d7058234a5ebbae1ab4b8c23

At 07:01 PM (UTC) on September 25, 2020, KuCoin received an alert about the abnormal remaining balance in their hot wallets.

At 07:15 PM (UTC) on September 25, 2020, the KuCoin team set up a dedicated team to cope with the security incident.

At 07:20 PM (UTC) on September 25, 2020, the team urgently closed the server of the wallet but abnormal transactions were still continuing.

At 08:20 PM UTC on September 25, 2020, the KuCoin wallet team starts transferring the remaining assets of the hot wallets to its cold storage.

At 08:25 PM UTC on September 25, 2020, the KuCoin wallet team, operation team and security team began investigating the incident based on available information.

At 08:50 PM UTC on September 25, 2020, most of the remaining assets were transferred from the hot wallet to cold storage.

As of 09:00 PM UTC on September 25, 2020, the exchange’s team claims to be in contact with other crypto platforms, including Binance, Huobi, OKEx, Bybit, Upbit, Bibox, Gate, MXC, BitMax, BigONE, BKEX, Bit-Z, HBTC, Hoo, Crypto.com, Bingbon, Renrenbit, LBank, Max/Maicoin, CoinW and more to block suspicious addresses and trace the stolen funds.

At 02:41 AM UTC on September 26, 2020, the team released the official announcement concerning the security incident.

At 4:30 AM UTC on September 26, KuCoin Global CEO Johnny Lyu started a live stream to update concerned stakeholders on the incident and current state of things at KuCoin. He said that “Regarding this accident, we have made a conclusion that it is because someone (unclear) stole the private key of our hot wallet.” Besides, he assured KuCoin users that all the losses will be covered by KuCoin.

“All the loss will be covered by KuCoin risk provisions.”

You can rewatch the live stream here:

At 08:39 AM UTC today, Bitfinex and Tether CTO Paolo Ardoino tweeted that Bitfinex has frozen approximately USD 13 million worth of Tether (USDT) on EOS blockchain and Tether froze USD 20 million worth of USDT on Ethereum.

KuCoin promised to reimburse users who lost funds in the hack by using its insurance fund that was established to deal with such situations. Deposits and withdrawals at the exchange have been temporarily suspended while the team is investigating the incident with international law enforcement. Besides, the exchange’s team offers rewards of up to USD 100,000 to anyone who can provide valid information regarding this hack. Relevant information can be sent to [email protected].

More Articles

Bitcoin News
Bitcoin Analyst PlanB Moves Entire BTC Holdings to Spot ETFs for “Peace of Mind”
Ruholamin Haqshanas
Ruholamin Haqshanas
2025-02-16 10:12:34
Altcoin News
Pantera Capital’s Dan Morehead Under Federal Tax Investigation After Move to Puerto Rico
Ruholamin Haqshanas
Ruholamin Haqshanas
2025-02-16 10:10:26
Crypto News in numbers
editors
Authors List + 66 More
2M+
Active Monthly Users Around the World
250+
Guides and Reviews Articles
8
Years on the Market
70
International Team Authors