Author

Topic: Kucoin exchange detected a large withdrawal. Provably Hacked? (Read 247 times)

legendary
Activity: 3178
Merit: 1054


its never too late to advice them to move to the non custodial exchanges. too big of a loss, do you think Kucoin will stop its operation because of this hack like for good like the cryptopia and so?

if they have the funds, there is no stopping them from with drawing the balance. did the exchange already announce that they will give back what was lost from their partisans?
legendary
Activity: 1806
Merit: 1521
They have a long history of fake news, volumes, stats, so why someone to even believe them?
Kucoin does?  I hadn't hear anything of the sort about them, though any exchange doing shady things wouldn't surprise me--most are unregulated and in a lot of cases it's still the wild west out there.

I don't consider them to be a major volume faker. Their volume numbers are nothing like the big boys, or the fake volume churners like Okcoin and Huobi. They have had a scandal or two associated with scammy token launches, but that's par for the course these days when it comes to altcoin exchanges.

We'll see what comes of this.  I heard in another thread that the amounts involved are pretty big, so....

Someone said it earlier and it seems to be true: tokens are pretty easy to recover, and that's where the vast majority of value was stolen. The token smart contracts can be forked by the developers to invalidate or freeze the hacked coins. This token swap will mean another $11+ million saved: https://twitter.com/lyu_johnny/status/1310586805650038786

If not for that, I honestly don't think Kucoin could recover from this. The amounts are just too big for them. But if $150+ million in token losses can be mitigated, that changes things quite a bit.
legendary
Activity: 3038
Merit: 1104
This is what I do. I drink and I know things.
Kucoin does?  I hadn't hear anything of the sort about them, though any exchange doing shady things wouldn't surprise me--most are unregulated and in a lot of cases it's still the wild west out there.  And yeah, of course they're trying to reassure their customers.  I'm sure Kucoin doesn't want to lose any. 

We'll see what comes of this.  I heard in another thread that the amounts involved are pretty big, so....


Just a link from an explanation video based on an article from "The Block", a year ago. Maybe if I dig my files, I can find older ones.
https://www.youtube.com/watch?time_continue=92&v=OX0A_qyCq2o&feature=emb_logo

And you are right, who wants to lose customers? So maybe if they did a better job to secure them, they wouldn't have to reassure them...
Estimated (?) $150mil but nobody really knows, except the "hacker(s)". Eventually, we will all know at some point.
legendary
Activity: 3528
Merit: 7005
Top Crypto Casino
He confirmed a hot wallet (or some hot wallets) were compromised, but said the losses were limited and users won't be affected. All losses will supposedly be covered by their insurance fund. Fingers crossed.
Same here--I don't have anything but dust on Kucoin, but I don't want them to go out of business as the result of a hack (or any other reason).  There aren't many exchanges available to US residents that offer a variety of altcoins and don't require KYC.

They have a long history of fake news, volumes, stats, so why someone to even believe them?
Kucoin does?  I hadn't hear anything of the sort about them, though any exchange doing shady things wouldn't surprise me--most are unregulated and in a lot of cases it's still the wild west out there.  And yeah, of course they're trying to reassure their customers.  I'm sure Kucoin doesn't want to lose any. 

We'll see what comes of this.  I heard in another thread that the amounts involved are pretty big, so....
hero member
Activity: 2786
Merit: 902
yesssir! 🫡
So they started an insurance fund in 2018 but there's no trace of it. It doesn't make sense that you would not announce something that could potentially bring more users...

even their reddit mods have never heard of it

3 months ago
As a global exchange, security is one of our top priorities. We developed all the infrastructure and systems by our own to ensure its stability and security.

We have plenty of security mechanisms to protect the digital assets of our users and we are working with many 3rd parties like Chainalysis, white-hats to improve the security level.

We know that a few exchanges set up a fund after being hacked while we do not have such a thing at KuCoin. It is because we care more about how to prevent such things from happening. While of course, if any users suffered losses because of our fault, we will take the responsibility to solve the problem, and cover the losses.

(They dodged it) A year ago
Protecting users’ privacy and assets from infringement is our priority. Through a combination of account security features, frequent updates to our security policy, and vigilant monitoring of system security, we are prepared to take immediate measures for any abnormalities. Thank you!

They do have an insurance fund in their futures platform but this was established on 2019 and it doesn't look like it is made for hacking losses but instead for liquidation losses. Well, I guess they could use it for this incident, but the problem is, it's nowhere near enough (https://futures.kucoin.com/contract/history-fund) cause it barely makes $1M.
legendary
Activity: 3038
Merit: 1104
This is what I do. I drink and I know things.
Kucoin is probably one of the most safest places on earth about security, they are really taking it more seriously than any other place I have seen.

Leaking all their hot wallet keys (not just for one or two currencies) suggests otherwise. Tongue

Honestly, they had too much ERC-20 value held in hot wallets. The BTC, ETH, etc. losses are more manageable. What need is there for $30-40 million worth of Alchemy tokens in the hot wallet? Or that much USDT, for that matter? Who is withdrawing that much, that regularly?

Exactly. Besides, if Kucoin takes security measures seriously then they should have fix them when almost all the crypto news-related sites suggest it to them. Instead of listen their warnings they choose to look the other way and here we are... Sad
Probably either the "hacker(s)" move them there and waits the right moment to withdraw them all or they have hot wallets not only for regular tx's but for staking/ "investment plans"/  fixing numbers, you name it. For sure and I totally agree with you, it smells bs!


It's not an insurance policy from a real insurance company. It's just a "fund" they supposedly put aside to compensate losses in the event of a hack.

A "fund" without any proof of existencel. Just their word... They have a long history of fake news, volumes, stats, so why someone to even believe them? I believe that they want to cool off the heat and reassure their clients that everything is ok. Undecided
legendary
Activity: 1806
Merit: 1521
Kucoin is probably one of the most safest places on earth about security, they are really taking it more seriously than any other place I have seen.

Leaking all their hot wallet keys (not just for one or two currencies) suggests otherwise. Tongue

Honestly, they had too much ERC-20 value held in hot wallets. The BTC, ETH, etc. losses are more manageable. What need is there for $30-40 million worth of Alchemy tokens in the hot wallet? Or that much USDT, for that matter? Who is withdrawing that much, that regularly?

I have seen some documents they work on about the security deal, from insurance perspective and I can tell you that they really do everything in regards to security because thanks to that security, insurance companies do not mind insuring all the money they have. If they weren't that secure insurance companies would be scared away from the deal. So at the end of the day they are both secure because of it but also thanks to it as well and nothing could happen to our money there.

It's not an insurance policy from a real insurance company. It's just a "fund" they supposedly put aside to compensate losses in the event of a hack.
legendary
Activity: 2464
Merit: 1102
Kucoin is probably one of the most safest places on earth about security, they are really taking it more seriously than any other place I have seen. They will make sure that they fix whatever the issue is and none of our funds would ever be a problem, they will definitely credit it to everyone.

I have seen some documents they work on about the security deal, from insurance perspective and I can tell you that they really do everything in regards to security because thanks to that security, insurance companies do not mind insuring all the money they have. If they weren't that secure insurance companies would be scared away from the deal. So at the end of the day they are both secure because of it but also thanks to it as well and nothing could happen to our money there.
legendary
Activity: 3038
Merit: 1104
This is what I do. I drink and I know things.
Wasn't Kucoin also recently looked into by the authorities and asked to implement more security measures?

Yes, it was but they don't do a thing to prevent this "hack". Just posting the latest news from CT about it:
https://cointelegraph.com/news/not-your-keys-not-kucoin-s-red-flags-ignored?utm_source=Telegram&utm_medium=social

Not your keys,

Not your coins... Sad
legendary
Activity: 2968
Merit: 3684
Join the world-leading crypto sportsbook NOW!
Wasn't Kucoin also recently looked into by the authorities and asked to implement more security measures? Didn't know they had a recovery fund so that's good, sort of like Binance's recovery fund then in that case. Problem is you can't really tell if people are safe until you ask everyone to withdraw at once (or ask Kucoin for proof of assets, which they won't do).

Not your keys, people.
legendary
Activity: 1806
Merit: 1521
(....)
I thought the fund lost is in millions? how can the CEO downplay the incident?

Not your keys, not your Crypto – Kucoin Hacked! $150m Stolen.

Yes, they said that it is SAFU, but still he can't just say the losses were limited here.

By the way the SAFU, it's kinda different from Binance which they totally have
Secure Asset Fund for Users (SAFU). So if Kucoin will cover the losses, for sure it will came from their own pocket not like the SAFU of Binance which came from trading fees of every users.

Kucoin copies everything Binance does, even down to their establishment of an insurance fund like SAFU.

They say they've been contributing to their insurance fund since early 2018, and that it can cover all these losses. Let's just hope they are telling the truth. Lips sealed

They are a top 20 exchange, but their volume isn't really comparable to the top exchanges like Binance. $150M would be significantly bigger than the Binance hack last year too.

I've got some funds there and I won't lie, I'm nervous.....
full member
Activity: 756
Merit: 231
That's sad. Hopefully, the hack doesn't do a lot of damage to the exchange. Seriously speaking about some of these exchange hacks especially those coming directly from the exchange hot wallets, there is noway someone can bypass all the security measures unless if it's an insider job and someone got access to the private keys.
My concerns too, I think the hot wallet was to be kept safe, especially with big cryptocurrency exchanges like KuCoin. Series of these hacks from hot wallet aren't a joke of any sort but should be see as a threat to crypto exchanges, having such responsibility to keep a private key that belong to exchange demand high-level of security IMO. Lu should have know better than this, although victims funds will be refunded as nothing will happen to their savings(according to their CEO). Hope this help other crypto exchanges to sit tight in terms of exchange security.

This type of hacks always have huge negative impacts to the community.

Good news for the community:


The best move ever, kudos  Cheesy
legendary
Activity: 2506
Merit: 1394
(....)
I thought the fund lost is in millions? how can the CEO downplay the incident?

Not your keys, not your Crypto – Kucoin Hacked! $150m Stolen.

Yes, they said that it is SAFU, but still he can't just say the losses were limited here.
I think the CEO is only acting like that so the users of the exchange will not panic and so their customers will still continue their exchange. It's difficult to know now how much the lost.

By the way the SAFU, it's kinda different from Binance which they totally have
Secure Asset Fund for Users (SAFU). So if Kucoin will cover the losses, for sure it will came from their own pocket not like the SAFU of Binance which came from trading fees of every users.
legendary
Activity: 1806
Merit: 1521
I thought the fund lost is in millions? how can the CEO downplay the incident?

If they can cover the losses through their insurance fund, he can downplay it all he wants.

I'd love to see some confirmation about the total funds stolen. That $150M number floating around is a bit scary. Apparently the vast majority of that is in lower cap shitcoins. https://decrypt.co/43015/cryptocurrency-exchange-kucoin-likely-hacked-reports

It looks like ~1K BTC were taken. https://twitter.com/cryptoquant_com/status/1309668583908061185

But all of this is speculation until Kucoin publishes all the details. Fingers crossed that they follow through on their promise to cover all losses with their insurance fund, and to open withdrawals up in the next several days.
hero member
Activity: 2870
Merit: 594
According to whale alert on Twitter, large withdrawals were still happening from Kucoin addresses even after the disabling of withdrawals and deposits.

Most exchanges would withdraw hot wallet funds to new wallets in a case like this, even if only as a precaution. I assume that's what was happening after withdrawals were shut down.

The CEO just did a live stream: https://www.youtube.com/watch?v=nRzL0kdUnME

He confirmed a hot wallet (or some hot wallets) were compromised, but said the losses were limited and users won't be affected. All losses will supposedly be covered by their insurance fund. Fingers crossed.
I thought the fund lost is in millions? how can the CEO downplay the incident?

Not your keys, not your Crypto – Kucoin Hacked! $150m Stolen.

Yes, they said that it is SAFU, but still he can't just say the losses were limited here.
legendary
Activity: 2268
Merit: 1379
Fully Regulated Crypto Casino

Another reason to never store your assets on a custodial wallet as you are making someone else responsible for your security; not your keys, not your coins.

Thats right. Anyone knows how unsafe cex market and the one will be losing here is those traders.

But I didnt expect that Kucoin will fall under such attacl or breached.

According to the post they stipulated.


We detected some large withdrawals since September 26, 2020 at 03:05:37 (UTC+8). According to the latest internal security audit report, part of Bitcoin, ERC-20 and other tokens in KuCoin’s hot wallets were transferred out of the exchange, which contained few parts of our total assets holdings. The assets in our cold wallets are safe and unharmed, and hot wallets have been re-deployed.

To ensure the security of users’ assets, we will conduct a thorough security review. The deposit and withdrawal service will be suspended during the period. We will restore the service gradually after ensuring a safe state. We will keep you updated.

As "The People’s Exchange", we will take full responsibility and maintain transparency. To keep you updated regarding the latest updates, our CEO Johnny Lyu will update more details through a livestream at 12:30 (UTC+8)
What I like is the fact that they are gonna take full responsibility to those account that have been affected. My friend got 1500$ token there as far as I remember but it seems it was also been affected. Anyway he said he already message them to check it out and file for refund or any process to get it back.

copper member
Activity: 2170
Merit: 1827
Top Crypto Casino
That's sad. Hopefully, the hack doesn't do a lot of damage to the exchange. Seriously speaking about some of these exchange hacks especially those coming directly from the exchange hot wallets, there is noway someone can bypass all the security measures unless if it's an insider job and someone got access to the private keys.
legendary
Activity: 1806
Merit: 1521
According to whale alert on Twitter, large withdrawals were still happening from Kucoin addresses even after the disabling of withdrawals and deposits.

Most exchanges would withdraw hot wallet funds to new wallets in a case like this, even if only as a precaution. I assume that's what was happening after withdrawals were shut down.

The CEO just did a live stream: https://www.youtube.com/watch?v=nRzL0kdUnME

He confirmed a hot wallet (or some hot wallets) were compromised, but said the losses were limited and users won't be affected. All losses will supposedly be covered by their insurance fund. Fingers crossed.
legendary
Activity: 2114
Merit: 2248
Playgram - The Telegram Casino
According to whale alert on Twitter, large withdrawals were still happening from Kucoin addresses even after the disabling of withdrawals and deposits.


The likely situation is they were hacked and the withdrawals were direct transfers on the blockchain (hackers have access to the private keys) so, it is not affected by their security measures, hence only regular users have their assets locked.
The CEO is currently live on YouTube to explain the situation - https://t.co/gsM6XLjMRX?amp=1

Another reason to never store your assets on a custodial wallet as you are making someone else responsible for your security; not your keys, not your coins.
legendary
Activity: 2436
Merit: 1189
Need Campaign Manager?PM on telegram @sujonali1819
Just saw some tweets in kucoin exchange twitter profile about the issue of large withdrawal. Some are saying provably they are hacked. And in this period people can not make any deposit and withdraw their asset.
Some source:


https://twitter.com/kucoincom/status/1309689557206491137

https://decrypt.co/43015/cryptocurrency-exchange-kucoin-likely-hacked-reports
Jump to: