Bitcoin Forum

Live stream from the CEO ended an hour ago: https://www.youtube.com/watch?v=nRzL0kdUnME

TL;DR hot wallets were hacked, cold wallets secure, the amounts in question are limited but they haven't officially published the amount stolen. The CEO Johnny Lyu says, "the affected amount in this accident is a small amount for Kucoin. We are going to take the loss."

Their last official update suggests the same thing: "Please rest assured that if any user fund is affected by this incident, it will be covered completely by KuCoin and our insurance fund."

https://www.kucoin.com/news/en-kucoin-security-incident-update

Deposits and withdrawals are still suspended. "We are going to gradually open withdrawals in the next week."

It is sad that these kinds of things happen, but when they suspend withdrawals for a long period, something like more than 2 days, do they not consider that people may have emergencies that would lead them to need their money? because the impression I get when I read this kind of thing Is it seems to me that the owners of the exchanges think that people do not urgently need the money that is on the exchange, I understand that being hacked is a big problem, if they have an insurance fund and have not suffered many losses then why do they need to stay for days to resume withdrawals and deposits? someone explain this to me? does this measure serve to investigate something or are they hiding the truth and are looking for money to cover losses?

It's more important they plug any and all security holes, harden their risk assessment algorithms, and penetration test against future attacks. They probably don't even know exactly how the keys were compromised yet. Immediately opening withdrawals back up could lead to more losses.

Anyone remember how long it took Binance to open withdrawals up after they got hacked last year?

"Not your keys, not your coins."

Kucoin wasn't the first exchange that was hacked and won't be the last.

I had 50 grins there I hope my beer money is safe.  8)

Did you quote the CEO from the video? Because the blog article doesn't say anything about "next week" (unless it got edited?):

now I understand, but are these cases of hack not linked to the employees of the exchange itself? first they should investigate the employees of the exchanges whenever there are such cases


it took more than 7 days

They take not too much time for enabling deposits and withdrawal because they are one of biggest crypto exchange in world so they done this all very quickly https://www.coindesk.com/hacked-crypto-exchange-binance-to-resume-deposits-and-withdrawals-on-tuesday

The quote is from the live stream, yes. He is speaking in Chinese, with a translator off camera going sentence by sentence in English. Not sure about the quality of the translations. I just included a few of what seemed like important answers.

Edit: They summarized the live stream. https://www.kucoin.com/news/en-kucoin-ceo-livestream-recap-latest-updates-about-security-incident



That sounds right. Better safe than sorry.

I just hope they aren't using this to buy time before coming clean about an inability to cover withdrawals. Anyone know if there is public data available on the size of their insurance fund?

It seems they only show the insurance fund for futures trading only https://futures.kucoin.com/contract/history-fund it's around $300,000. I think they have other funds for this kind issues.

Good news: Bitfinex and Tether were able to freeze ~$33M in USDT associated with the hack. That's something like 20-25% of the alleged token losses right off the bat.

https://twitter.com/paoloardoino/status/1309771801581494272


That's just the futures insurance fund to cover liquidations during high volatility.

In their live stream, the CEO said they've been building this insurance fund since early 2018. Kumex (now Kucoin Futures) didn't even exist back then.

I woke up in the morning and saw this news then I was like DAMN! It's very risky to deal with exchanges. There are countless hacks so far and this is not a very good thing. May be someday we will have decentralized exchanges where we can trade our coins including bitcoin in a common chain.

That's good to know. Hopefully people do not get effected much. Binance did it twice if I am not wrong.

I fully agree that you can't warn people enough about the risks of leaving money on external wallets. But if KuCoin posts that everyone is covered by its insurance, then what is the relevance of posting "not your keys blahblah"?

We've had this discussion (https://bitcointalk.org/index.php?topic=5251040.0) many times before. But as an exchange user, you have to absolutely make sure you're on a trustworthy exchange (https://bitcointalk.org/index.php?topic=4466328).

Don't just post "not your keys etc" because it sounds good and it makes people panic, but at least explain why to them or they will never understand.

The problem is not about hacking, but rather a leak of data, as I read in one of the articles^[1] that the private keys, which means that even after shutting down the server, the hacker was able to transfer some coins, the leakage of the private key is a dangerous and mean that hackers has access to more sensitive data.

It seems that the people inside the platform are sophisticated, the hackers are usually quick and they transfer money into BTC quickly and not keep USDT.

[1] https://coinfomania.com/kucoin-hacked-with-large-btc-erc-20-tokens-gone/

The good thing is that people money is safe in this incident as the exchange has their insurance fund, from which they will pay the loss of the customers. I remember last time when binance exchange was hacked, they also did not let their customer experience the loss, because they maintain an insurance fund for this kind of unforeseen incidents.

There is nothing wrong with that sentence. It is the truth.

If you don't have your private keys, those coins don't belong to you anymore. Somebody else owns your coins. What you really own is, a promise.

A promise of having coins.

You should panic too if you hold too many coins on an exchange, that's good for your health.

Here is a recent real life example from me:


The amount I tried to withdraw was 5 bucks.

edit: problem got solved. I still hated it that I had to verify myself to move my funds out.

So you think that his kucoin hack is an inside act by the employees of kucoin or even the kucoin management is also involved in this hack drama ?
If this is true, i never understand the motive behind this act because the site will gain nothing from this as they promised to use insurance fund to cover the loses.

There are some rumours floating around and the insider job thing is one of them. Keep in mind this is just some rumours and not facts. And if this is true, then it is for personal benefits obviously, not to drag Kucoin's image or something like that. Other possibilities are some hackers managed to send their malware to one of Kucoin employees, install a keylogger, or something like that and he got the seed/key of the hot wallet.

I think a third-party investigation or police investigation is necessary.

according to the "suspicious" addresses published by kucoin, the total losses are in the realm of $193 million! https://decrypt.co/43036/kucoin-hack-closer-to-200-million-as-team-releases-more-suspicious-addresses

granted, tether has managed to freeze most/all of the USDT ($36 million?) and some of the ERC-20 token issuers will be blacklisting and reissuing tokens to nullify the hack. but that's a big chunk of change! :o


literally every time an exchange gets hacked, people say it's an inside job and exit scam.

it's impossible to know the truth this early on, but immediately doing a video AMA and promising to reimburse all losses is a good start. that's not usually the way an exit scam starts.

I'm glad that we finally reached the point at least the bigger exchanges have the tools to cover the loss of this kind of incidents.
Now let's see what will be the path of these funds...



Exactly. But if they will pay up from their own pockets or insurance funds to cover the loses, it's not worth it. If they use insurance funds then in the future the insurance fees will be significantly bigger.

Cant really blame if people would really have that kind of perception anytime an exchange had been hacked.Its neither an inside job or truly an external attack and as mentioned above, knowing the truth is impossible.

This is the hardest part when you do really store up some coins on an exchange where you wouldnt know on when a hacked would happen.There are already a few top exchangers had already had the same incident
but people are still confidently storing up their coins in spite of that and when hack do occurs then thats the time they do really regret out.

Good thing that they do consider out on paying up those losses from their own pockets which is a good thing. Total losses of 200M on this incident cant be considered small as they had proclaimed but rather this one will really put up some serious marks into their own pockets but they dont have any options but to compensate on whats had been lost rather than risking out the entire business reputation.

Well, that's good as long as it's true.  The announcement was vague as to how much was stolen, but I get the feeling it's not a huge amount--hopefully.  It certainly doesn't sound like it was a hack big enough to bankrupt Kucoin, and that's a good thing.  They're the only exchange I ever bother using when I buy altcoins.

As to the inside job rumors being posted, who knows.  I guess that's always a possibility, but I'm not sure how many previous "hacks" on exchanges have turned out to be perpetrated by exchange insiders.  You would think that these businesses would have figured out how to keep their funds secure by now, but obviously that isn't the case.

Oh shit!  I didn't read your post until I was going to quote another one.  If Kucoin got hacked for $193m, that's pretty damn significant.  I'll be keeping a close eye on this story.

Damn straight, and I'm glad I didn't have any funds on Kucoin (though I don't think I would have been affected by this anyway) at the time of the hack.  They might recover from this just fine, but as a general rule those words are what every newbie in crypto should learn before anything else.

There's no such place as a safe-haven and for those people who've been keeping on patronizing exchange platforms as a form of wallet of their coins then they would already have the doubts starting now.Excluding those big hacks that made platforms closed its doors .. We already had Binance and now Kucoin who experience hacking incident but they arent running from the incident but instead they do pay up on what they had lost.
As long the number of users on consistent manner then they would able to get those on what they have lost on a period of time but time will tell if trust to this exchange had been broken out already or people would just still remain and continue to trust up.

Kucoin is the 16th biggest crypto exchange, according to CMC (https://coinmarketcap.com/rankings/exchanges/), so this incident is unlikely to be an exist scam. Besides, keeping their customers updated is a good sign.
~$150M is too much money even for them,though, and am not sure if what they have in their insurance fund will be enough to cover it.

Maybe this hack will not cause them to completely shutdown but, surely, it will seriously affect their business and it will take them too long to recover.

one thing that provides some hope is that the majority of value stolen (by far) was in ERC-20 tokens---many of which are extremely illiquid and can't be liquidated easily through DEXs. and since they are centrally issued tokens, they can be blacklisted and recovered somewhat easily.

for example, ~20% of the entire amount hacked ($36 million) is in the "alchemy" ACOIN token. kucoin is listed on CMC as the only market for this token! there are $150 million in ERC-20 tokens just sitting in the hack address: https://etherscan.io/address/0xeb31973e0febf3e3d7058234a5ebbae1ab4b8c23

a lot of that can be recovered IMO. heck, $20 million of the value in that ETH address was already frozen by tether, with another $13 million being frozen on EOS.

so hopefully between their insurance fund and token issuers blacklisting/freezing funds, this is something kucoin can recover from. we'll see!

That's damage control 101. You need to assure the users that they are in good hands, that their funds are safe, and everything's pretty much under control. You need to pacify them. You don't want another problem to explode in the middle of a huge problem. But don't take it literally or as a guarantee. Nobody would say, "we got hacked big time, we're afraid this might bankrupt us."

Having said this, we still don't know how much was really compromised, whether their insurance could contain the losses or not, whether or not they could reopen withdrawals or trading in the week that follows, and so on.

I guess KuCoin is still assessing the damage done both in financial and security terms. My hunch is that it will take some time, probably more than a week.

Fortunately, they just announced that anyone who has an account in kucoin that was affected by the hacked is covered completely by their insurance fund. Just don't know if the total hacked funds were covered enough as well.

As the KuCoin Global CEO Johnny Lyu said on his livestream said that.

It's quite big on us but for them, he said that it is small part and I don't see if there is an exit scam for this hack incident. Besides, they are willing to pay thousands of bucks ($100,000) to point out who is the hacker that can trace and provide valid information to them.

Until now that case was still under investigations and the withdrawal and deposit function was disabled and Kucoin CEO said it's approximately take 1 week before the operation will back again.

Following the news the clients can take some breath. Therefore, The incident definitely bother me as the hacked amount is huge though. I'm not so much scared of losing since have no holding assets on Kucoin. Anyway, It's again remind us we wouldn't keep our cryptocurrencies on a exchange unless we're looking to sell it.

Good news, several companies behind affected ICO tokens are swapping out the hacked tokens. This KAI token swap will save over $10 million in value: https://twitter.com/lyu_johnny/status/1310194718530134022

The planned VIDT token swap will save almost $7 million too. There are a handful of other swaps planned but I'm not sure how much value they represent. The ones that aren't Ethereum tokens aren't easy to research for me.

But even if we ignore those, that's still ~$53 million (or ~27.5%) of the total losses that have already been saved, when you include the frozen USDT.

Sounds like this was an inside job. According to a tweet from the CEO:


https://twitter.com/lyu_johnny/status/1312359615091277824

I assume they could only ascertain that sort of proof internally if the thief were a Kucoin employee. That's a very positive development since it means the thief will probably cooperate with the investigation.

They've reopened deposits and withdrawals for 3-4 dozen coins and tokens so far. They say withdrawals will be reopened for major coins like BTC, ETH, and USDT shortly. I won't celebrate until my BTC and USDC are safely out of the exchange, but it looks like Kucoin will recover from this.

Somewhere on bitcointalk I saw the same tweet and where they discuss that Kucoin didn't really identified who wast the culprit but they found the address used and made them into public so all other exchange can blacklist the address so the hacker may not be able to cashout the funds.

Hope people's funds are same as Kucoin promised.

They published those addresses the day of the hack. The announcement that they found proof identifying the the culprit came a week later. These are two different things.

Either way, I just want them to open deposits and withdrawals for all coins and tokens, so I can get my money off. I kept a trading stash there. Nothing I couldn't afford to lose, but it'd still be a big relief to get it back.

Good news: Kucoin brought deposits and withdrawals back online for all the major cryptocurrencies. BTC, ETH, USDT, etc. https://www.coindesk.com/kucoin-restarts-deposits-withdrawals-for-bitcoin-ether-following-281m-hack

I've got my money off now. It was nothing I couldn't afford to lose, but it sure feels good to get my coins back.

All in all, ~$281 million was stolen, ~$204 million was recovered (tokens frozen and reissued, etc.) and $7.5 million in tokens were liquidated through DEX platforms. The amount of the losses are now down to the size of the Binance hack last year. Hopefully they can keep chipping away at it because I honestly don't know how big their "insurance fund" really is, if it exists at all.

Anyone else finding this token reissue "solution" deeply troubling? I understand the sentiment but it really opens a massive Pandora's box. Centralized exchange loses $300 million because they gave some crook access to their wallet... no big deal, we'll just tweak the blockchain the database. Perfect cover for a less-scrupulous exchange to steal from a large customer.

Also keeping that amount of funds in the supposed "hot" wallet doesn't make any sense but then again, it never does when those centralized exchanges get "hacked".

tbh, it's only troubling insofar as ICO tokens were centrally issued and not censorship resistant to begin with. a lot of tether and ICO token haters have been pointing that out for years---that centrally issued tokens can't possibly have the same security guarantees as decentralized coins like bitcoin.

in a way, it could be argued this is a feature and not just a bug. you can't have the expectation of censorship resistance of course, but hacks and thefts can be rolled back with ease. maybe this is a legitimate trade-off, as long as we all understand the limitations of highly centralized projects. tokens =/= cryptocurrencies etc.


that was the insane part to me. over $150 million in ERC-20 tokens alone. who the hell is withdrawing $40 million in ACOIN tokens on a daily basis? nobody, since kucoin is literally the only market for it, according to CMC anyway. madness!

the other hot wallet losses (BTC, ETH, LTC, etc) were in the range of what you'd expect, more or less. i dunno what they were thinking with their token storage. they were obviously too dependent on their internal risk controls (re withdrawal approval) and not planning for the possibility of getting their actual keys leaked.