Remarkable KuCoin Hack stuns crypto community

Last Updated on 27 September 2020 by CryptoTips.eu


Jeroen Kok

Jeroen is one of the lead copywriters on Cryptotips.eu and discusses all recent events in the crypto market. This includes news updates, but also price analyzes and more. He developed his passion for cryptocurrency during the bull run in 2017. He has learned a lot since then. The combination of cryptocurrency and creative writing is perfect for Jeroen and an excellent way to share his knowledge with a wide audience. Find me on LinkedIn / jeroen@cryptotips.eu

Singapore-based exchange KuCoin admitted being hacked and having lost some anywhere between $150 million and $200 million in funds (expect the total figure to become clear in a few days). In a carefully drafted announcement, the exchange which is keen on being seen as “the People’s Exchange” promised that every crypto coin lost during the so-called “security breach” would be covered by an insurance fund.

The hack counts as the third biggest ever in the history of the crypto industry and is surprising both for its boldness and timing. It was not expected that in 2020 hacks of this magnitude are still possible due to the increased security of the platforms.  

Biggest ever hack was Coincheck (in 2018), which saw $534 million get stolen, closely followed by the holy grail of crypto hacks, the infamous Mount Gox one (in 2011), for some $460 million.

It would appear the KuCoin exchange funds were transferred to BTC, Bitcoin SV, ETH, LTC, XRP, Stellar Lumens, Tron and Tether wallet addresses.

The hackers must have gained access to the exchange’s hot wallets, including its private keys. Because even after KuCoin discovered the security breach and took the servers offline, funds were sent to the hackers’ wallet addresses.

KCS Drops dramatically

KuCoin own native token, KuCoin Shares (KCS) fell sharply by 14% as the news became public and buzz started spreading on social media.

There were several small transfers and some larger ones. For example, it would appear that two Ethereum wallets which belonged to KuCoin had sent no less than 11,000 ETH to an unknown address. At the current price of some $350, that is a $3.85 million transfer right there.

Steph Burwell who runs KuCoin’s Telegram group, declared:

We are in contact with many major crypto exchanges such as Huobi, Binance, OKEx, BitMax and Bybit, as well as blockchain projects, security agencies, and law enforcement to work on this. Some effective measures have been taken, and we will update with more details soon.

Tether announced that they were cooperating for the benefit of the crypto community and had already frozen some $33 million of the stolen funds.

Inside Job?

Crypto commentator Chained, a clear LINK fan, gave three possible culprits for the hack. First off he said it was possibly done by North Korea, a plausible assumption as Singapore and has ties with the rogue nation state and is one of the only states in the world that has a North Korean embassy.

Furthermore, the regime of Kim Jung Un is known to have a large hacking group in it’s armed forces.

Secondly, he jokingly referred to a possible 17-year-old in Florida, a reference to Graham Ivan Clark, the youngster who hacked celebrity twitter accounts in June and asked for Bitcoin payment. We don’t see how that is possible.

Thirdly, Chained stated that it could have just been an “inside job,” referring to some theories that have been going around ever since the Mount Gox hack. Rumor on social media is that since crypto is unregulated, some of these crypto CEO’s would oftentimes slash the fund to themselves and then claim a “hack”, letting the insurance take care of repaying it afterwards.

Nothing is sure at this point of course.

Even though all funds are insured by KuCoin, this should be a wake up call for everyone. You should never leave your funds at an exchange.