Hackers Drain KuCoin Crypto Exchange’s Hot Wallets
An Asian cryptocurrency exchange’s funds have been compromised in a security breach.
The Singapore-headquartered digital asset exchange KuCoin said in a statement that it detected large withdrawals of bitcoin (BTC) and ether (ETH) tokens to an unknown wallet beginning at 19:05 UTC time on Friday.
In a live stream at 4:30 UTC Saturday, KuCoin CEO Johnny Lyu said that one or more hackers obtained the private keys to the exchange’s hot wallets. KuCoin transferred what was left in them to new hot wallets, abandoned the old ones and froze customer deposits and withdrawals, Lyu said.
KuCoin’s cold wallets were unaffected, Lyu claimed. Cold cryptocurrency wallets are not connected to the internet and are considered more secure than hot cryptocurrency wallets.
Lyu did not disclose the amount of cryptocurrency that was stolen, but said that KuCoin would release the hacker’s wallet address and a list of stolen funds.
Two Ethereum wallets belonging to KuCoin have sent more than 11,000 ETH, which currently trades at a price of about $350, to an unknown wallet address, according to data from blockchain explorer Etherscan.
The unknown wallet address has also received over 150 Ethereum-based tokens worth more than $150 million, the Etherscan address information shows.
Over 200 cryptocurrency assets trade on KuCoin with a combined daily average volume of around $100 million, according to the crypto data site CoinGecko.
The price of KuCoin’s exchange token, KCS, fell by 14% to $0.86 within an hour on Saturday as news of the security breach spread on social media.
KuCoin is investigating the hack with international law enforcement and stolen customer money will be “covered completely” by an insurance fund, Lyu said.