On Friday afternoon, a number of Twitter users began to notice large withdrawals of Ethereum and ERC-20 tokens from Kucoin’s designated addresses. In the span of about thirty minutes, about $150m worth of ETH tokens left the wallets marked “Kucoin” and “Kucoin 2” on Etherscan.
As the coins that were withdrawn were basically all the capital that was in these addresses, many were quick to assert that it was a hack. But for hours, there was silence on Kucoin’s end, with the exchange’s moderators sharing little information about what had transpired.
A few hours after these suspicious withdrawals, admins of Kucoin’s social media channels asserted that users’ deposits were safe.
While this is true in that users will be compensated, Kucoin just confirmed that the withdrawals were made by a malicious actor as opposed to the company.
Users Affected by KuCoin Hack of Millions in Bitcoin, Ethereum & ERC-20 Tokens Will Be Compensated
Just minutes ago, approximately seven hours after the Ethereum withdrawals, Kucoin revealed that it had undergone a “security iandncident.”
The company’s internal security auditing team found that “part of Bitcoin, ERC-20, and other tokens in KuCoin’s hot wallets were transferred out of the exchange.” The funds that were withdrawn from the exchange comprised a “few parts of our total assets holdings.”
No clarifications were given to the exact specifics of the cryptocurrency stolen, but independent analyses that over $10 million worth of Bitcoin was taken from Kucoin-owned addresses. The $150 million worth of Ethereum and ERC-20 tokens — most of which are in Alchemy, Tether’s USDT, Ampleforth, and Ocean Token — withdrawn seems to be related to the attack. It cannot be properly ascertained of this is the case, though, at least not until a follow-up report from Kucoin.
The funds stolen from Kucoin’s addresses were funds stored in the exchange’s hot wallets as opposed to…