In a notice published last week, KuCoin notified clients that it detected suspiciously large withdrawals starting September 26.
In response to the Incident, KuCoin Global CEO Johnny Lyu hosted a live stream and announced that part of the Bitcoin, ERC-20, and other tokens in KuCoin’s hot wallets were transferred out of the exchange, which contained few parts of the total assets holdings.
“The assets in the cold wallets are safe and unharmed, and the hot wallets have been re-deployed,” the CEO said.
The losses, however, are by no means trivial. According to an updated announcement, the attackers left with around $150 million in various Crypto currency, including Bitcoin, Ethereum, Litecoin, Stellar Lumens, Tron, and Tether. The firm has frozen the compromised hot wallets and has deployed new ones. KuCoin is also working with other exchanges to prevent the attackers from withdrawing the stolen funds.
Lyu tells customers to rest assured that if any user fund is affected by this incident, it will be entirely covered by KuCoin’s insurance fund.
“To ensure the security of users’ assets, we will conduct a thorough security review. The deposit and withdrawal service will be suspended during the period. We will restore the service gradually after ensuring a safe state. We will keep you updated,” the company said.
KuCoin has published a list of suspicious wallet addresses, urging clients to add them to their blocklist. The company is still trying to identify the vulnerabilities exploited by the attackers. Lyu also said his company would “definitely” upgrade its wallet risk management system.
Two weeks ago, crypto currency exchange Etherbase lost $5.4 million to hackers overnight. Interbase managed to track the criminals’ wallets to several rival crypto exchanges, including Binance, Huobi, and HitBTC. Like KuCoin, the firm assured customers it had the funds needed to cover the losses.