KuCoin exchange loses $275 million in hack

Singapore-based digital currency exchange KuCoin was hacked for roughly $275 million on September 25. The KuCoin team became aware of the security breach when they noticed that large withdrawals were being made from KuCoin’s hot wallet that the KuCoin team did not authorize. 

Although the platform has experienced a significant loss due to the hack, KuCoin says that “if any user fund is affected by this incident, it will be covered completely by KuCoin and our insurance fund.”

What was stolen?

So I did some accounting of the KuCoin hack based on the wallets very likely associated and based on my estimation, there was nearly $280 million of assets stolen, not $150M. This would make it the third-largest hack in history and 7 times larger than the Binance hack last year.. pic.twitter.com/iESWm1EGPh

— Larry Cermak (@lawmaster) September 28, 2020

According to KuCoin and further research done by Larry Cermak, director of research at The Block, 14,713 BSV, 26,733 LTC, 18,495,798 XRP, 999,160 USDT, 1,008 BTC, 9,588,383 XLM, and 199,038,936 TRX, along with ETH and several ERC-20 tokens were transferred out of the KuCoin hot wallet. In total, it is estimated that the hacker was able to steal an estimated $274.1 million from the exchange, making this security breach the third-largest digital currency exchange hack in history.

Shortly after the security breach took place, the hacker began to liquidate some of their stolen funds through the DeFi platform UniSwap. According to the blockchain tracker and analytics platform Whale Alert, roughly $1,228,341 of stolen SNX token was sent from the hacker’s wallet to UniSwap.

⚠ 80,000 #SNX (368,457 USD) of stolen funds transferred from Kucoin Hack 2020 to Uniswap

Tx: https://t.co/qzHYjhJ1j2

— Whale Alert (@whale_alert) September 27, 2020

⚠ 50,000 #SNX (263,883 USD) of stolen funds transferred from Kucoin Hack 2020 to Uniswap

Tx: https://t.co/Ck2eFRA7V1

— Whale Alert (@whale_alert) September 28, 2020

⚠ 50,000 #SNX (252,440 USD) of stolen funds transferred from Kucoin Hack 2020 to Uniswap

Tx: https://t.co/98RBi83hg4

— Whale Alert (@whale_alert) September 28, 2020

⚠ 68,395 #SNX (343,561 USD) of stolen funds transferred from Kucoin Hack 2020 to Uniswap

Tx: https://t.co/4Y64DDb9DU

— Whale Alert (@whale_alert) September 28, 2020

KuCoin’s next steps

KuCoin is working with numerous exchanges and digital currency projects to blacklist the hacker’s addresses as well as freeze the hacker’s token supply. Among these projects, Tether froze $22 million USDT in an effort to stop the hacker.

In addition, KuCoin is working with “international law enforcement, and will offer rewards of up to $100,000 to those who can provide valid information to us regarding this incident.”

When CoinGeek reached out to KuCoin for more information, a spokesperson said, 

For this security incident, we are so sorry for causing inconvenience for users and projects but we are trying our best to solve these problems and will reopen our services as soon as possible. Please follow this announcement we will continually update https://www.kucoin.com/news/en-the-latest-updates-about-the-kucoin-security-incident