KuCoin Hack Shows Key Difference Between Altcoins and Bitcoin
"Unprecedented" moves by altcoins in the aftermath of the KuCoin hack showed that the old adage "not your keys, not your coins" might be true in the case of decentralized cryptocurrencies such as bitcoin (BTC) only.
As reported, following several abnormal transactions first noticed on September 25, KuCoin experienced a leakage of its private keys tied with its hot wallets, which resulted in a hack of millions USD worth of customer funds. Per an update by the KuCoin team, with the release of additional suspicious addresses, it now seems that there's been more than USD 200 million in funds lost, and it could go higher if more such addresses are revealed.
What the updates also revealed is that, a number of projects have swapped, frozen, invalidated, or otherwise 'interfered' with their tokens, as well as the token transfers. Such activities include:
- Ampleforth (AMPL) disabling transfers from the attacker (AMPL 14m (USD 9.5m))
- Tether freezing a total of 22m USDT tokens
- VIDT_Datalink (VIDT) freezing the 14.5m tokens (USD 6.2m) transferred to the suspicious address
- Covesting (COV) freezing 3.12m tokens (USD 563,000)
- Velo Labs (VELO) announcing re-deployment and replacement of each of the VELO tokens transferred to the suspicious address - VELO 122m (USD 71.65m) affected will be invalidated
- Silent Notary (SNTR) re-issuing new SNTR, and replacing 78.9bn affected SNTR tokens (USD 99,000)
- NOIA Network (NOIA) reissuing NOIA via a new smart contract, replacing the NOIA 81m (USD 3m) affected; it has completed the token swap
- Aleph.im (ALEPH) re-issuing the tokens via a new smart contract, rendering obsolete the previous tokens, including some 8.5m stolen tokens (USD 1.25m)
- Orion (ORN) completing the token swap of ORN 3.82m (USD 8.98m)
- KardiaChain (KAI) completing the token swap of KAO 525m (USD 9.2m)
- Opacity (OPQ) accelerating the planned token swap.
"The market has shown unprecedented reaction to recent KuCoin hack," commented ICO Analytics.
However, these are also moves that many argue can't be made with BTC.
Changpeng Zhao, CEO of another major crypto exchange Binance, however, used the chance to reiterate his previous statements that decentralization is not "binary black or white," but that the reality is "usually a bit more grey."
After Binance was hacked in May of 2019, Zhao also mentioned a possibility to roll back some of the BTC transactions in order to recover the lost funds and "teach [hackers] a lesson." This prompted a heated debate in the Cryptoverse, showing that, in theory, this would be technically possible but it would be as likely as "all miners stop mining Bitcoin and let it die" because "there’s a huge collective incentive to not change history."
Also, after the infamous Ethereum (ETH) DAO hack in 2016, the ETH community controversially decided to hardfork the ETH blockchain in order to restore virtually all funds to the original contract and return DAO token holders’ ether.
Meanwhile, the above-mentioned projects have made their arguably centralized moves faster than a traditional, centralized authority is often able to - which speaks both of the technology's superiority in a way, but also of the potentially worrying fact that it's possible for an individual / team to make these decisions and exert this much control over the project in the first place. It can be argued then, that the only thing that stands between the projects using their power for something that could be interpreted as a good cause (e.g. stopping a hacker) and using it for their own 'not as good' goals is the benevolence of the authority.
If a "decentralized" project can invalidate stolen tokens then it can invalidate YOUR tokens.— Jameson Lopp (@lopp) September 27, 2020
Censorship resistance for all or censorship resistance for no one.
That said, some industry players and observers wonder if certain measures, such as freezing tokens, could be useful in certain situations, while others see the projects' power as a necessary evil, so to say.
Don’t you feel that’s kind of ridiculous?— Dan Held (@danheld) September 27, 2020
There is also a concern over what this unprecedented set of responses could be a base for in the future.
yeah it's almost as if #DeFi projects aren't decentralized— Kyle Torpey (@kyletorpey) September 27, 2020
Meanwhile, the attacker appears to have been on the move since the hack, swapping other stolen altcoins for ETH on the decentralized finance (DeFi) protocol Uniswap. However, this would still leave traces on the Ethereum blockchain, and the associated addresses could potentially be blocked. Nonetheless, the situation could come with "interesting repercussions," as Bitfinex and Tether chief technical officer Paolo Ardoino said.
This might have interesting repercussions. While we're staring at laundering while it happens on a transparent DEX, couple of consideratios arise for me:— Paolo Ardoino (@paoloardoino) September 27, 2020
- will liquidity providers be tainted?
- privacy is key, probably the next DEX should use confidential transactions https://t.co/tmDCSf7yun
As previously said, in a live stream on September 26, KuCoin Global CEO Johnny Lyu assured the affected users that all losses would be covered by the exchange's risk provisions. Also, the team offered rewards of up to USD 100,000 to anyone who can provide valid information regarding the hack.
IF A PROJECT CAN INVALIDATE A TOKEN ITS NOT DECENTRALIZED!!!!— RG3² ☠️ (@RG3_Pirate) September 27, 2020
People yearn to be governed and prefer a fake sense of security to real freedom— Jack (@John_Moxie) September 27, 2020
Well. But since this issue now is public I'm wondering how this will change. Potentially you're knowingly providing liquidity to an hacker. The more time it passes the more difficult is to argue you were 100% unaware.— Paolo Ardoino (@paoloardoino) September 27, 2020