Cryptocurrency exchange Kucoin may have been hacked for $150 million in bitcoin and multiple ERC20 tokens.
The Singapore-based exchange confirmed the September 25 security breach, but did not disclose the amount stolen.
“Bitcoin, ERC-20 and, other tokens in Kucoin’s hot wallets were transferred out of the exchange,” said Kucoin in an update on Saturday.
Meanwhile, Bitfinex and Tether, issuers of the centralized stablecoin USDT, immediately froze a combined $33 million worth of USDT suspected to be part of the funds looted in the Kucoin hack – an action that has stirred questions around the influence of centralized platforms.
Paolo Ardoino, chief technology officer of both entities, tweeted that Bitfinex froze $13 million USDT on EOS as part of the hack. Tether froze $20 million USDT “sitting on this ethereum address as a precautionary measure,” he said.
In its update, Kucoin maintains that funds in its cold wallets (offline storage, which is less susceptible to hacks) are safe, even as the hot wallets were hit. Kucoin attempted to calm fretful investors, appealing:
If any user fund is affected by this incident, it will be covered completely by Kucoin and our insurance fund.
Kucoin, which prides itself “as the most advanced and secure cryptocurrency exchange”, said it will be suspending deposits and withdrawals to pave way for what it calls “a thorough security review.”
But these issues appear to have already been happening while the hack was in progress. Users started having difficulties with withdrawals on September 25th, long before the exchange had made any official announcement regarding the breach.
On September 25, at 9:55 p.m. (ET), the onchain analysis firm Cryptoquant’s Telegram signals channel detailed that Kucoin was hacked. “Usually, after being hacked,” Cryptoquant signals channel said. “The BTC outflow increases rapidly and then becomes zero. Since 20:00 UTC on September 25th, the outflow has continuously been zero.”