KuCoin confirmed a security breach on September 26, affecting its Bitcoin, Ether, and ERC20 hot wallets, but cryptocurrency prices remained unfazed.
KuCoin, a major cryptocurrency exchange based in Singapore, has confirmed a security breach of its ERC20, Ethereum, and Bitcoin hot wallets. Reportedly, hackers withdrew and stole over $150m worth of crypto and transferred funds to an unknown wallet.
As per Etherscan, KuCoin’s two Ethereum wallets transferred over 11,000 ETHs, which currently was trading at $350, and 150 Ethereum-based tokens were transferred to the hackers’ wallet, which is worth over $150m.
The breach occurred on Friday at 19:05 UTC. KuCoin confirmed the incident in a live stream on Saturday, 4:30 UTC.
The security breach was detected on September 26, and immediately the company initiated a security audit, after which it discovered large withdrawals from its hot wallets.
The digital currency exchange’s CEO, Johnny Lyu, stated that one or more hackers obtained the private keys to KuCoin’s hot wallets and drained funds.
The exchange quickly transferred the remaining funds to new hot wallets, froze customer withdrawal and deposit systems, and closed the hacked wallets.
Lyu explained that cold wallets were not affected since these weren’t connected to the internet. Hacker(s) managed to steal different types of tokens, Bitcoin assets, and ERC-20 tokens.
Hot wallets serve as a temporary storage system for crypto exchanges and facilitate funds transfer and power conversion operations.
The exchange has promised to reimburse affected users through its cold wallets. They will also release the wallet address of the hacker and the list of stolen funds soon.
The exchange’s token KCS’ price fell by 14% to $0.86 within an hour after the hack. However, Bitcoin and other cryptocurrencies, including Ether and Decentralized Finance tokens’ price, remained unfazed.
KuCoin’s CEO has approached international law enforcement to investigate the security breach, and may provide more details in another live stream due at 12:30 UTC on September 26.
If you are one of the victims of the breach, keep an eye on KuCoin’s security advisory as the company is consistently updating users with the latest development.