Kucoin exchange has experienced security breach with over 120 tokens affected

[Dragonfund]

The slang not your keys not your fund isn't a phrase to joke with when it comes to fund management and security. Earlier today, kucoin announced security breach in their announcement blog with over 120 tokens affected. The transaction were carried out in the following address

Code:

At 02:51 AM (UTC+8) on September 26, 2020, we received an alert from the risk management system for the first time, showing that an abnormal ETH transaction occurred with the TXID: 0x4b738df5d7f12e3fa1cbe83b8165c542da461ef0c9255fc1a3f275259a92623b

Then, a few more abnormal transactions for ETH and other ERC-20 tokens were monitored:

0x56fd1c3c8cc861c8abceafac7a175ccfb53bb87877750b0bfbd9581d8c52c1bc

0x57e205922325104f9d132ff7cdbb7eb94bfe15049b5c71cb7328f72bc69a7122

0xd2b21c8bb5c0bfafc98e86a2e924f3fe4223356748486bdccccdb8f58e16aa93

0xdf1f8ce5d491728a2573591b253e2a9ec6abda723c7d984af1f6f154cd231ed9

0xc3bd740534a530cfa5060daf937a24c5c90b1783550c6d9fa61daa2c1873e734

0x5bf11bd22b6653870c1ba8cad69ae0691e08d9f73762a5adfc9e37f1892d9eee

And all abnormal transactions are from this wallet address: 0xeb31973e0febf3e3d7058234a5ebbae1ab4b8c23

According to KuCoin Global CEO Johnny Lyu

We are locating the reason for the incident, and will keep users updated once it is confirmed. Please rest assured that if any user fund is affected by this incident, it will be covered completely by KuCoin and our insurance fund.

This is important for every member, learn to safeguard your tokens and fund on the wallet you hold the private key. Stay safe.


Source https://www.kucoin.com/news/en-kucoin-ceo-livestream-recap-latest-updates-about-security-incident

[BitcoinGirl.Club]

It's already in here, any kind of discussion will better suit there more than in the Beginners & Help section.

Update: I have just made a quick search and found out few more topics talking about the same thing 😜
Not your keys, not your Crypto – Kucoin Hacked! $150m Stolen.
KUCOIN exchange got hacked.

Search helps.

[friends1980]

Quoting "not your keys, not your coins" and "if any user fund is affected by this incident, it will be covered completely by KuCoin and our insurance fund" in the same post, is the same as contradicting yourself.

It's one thing or the other.

[Dragonfund]

Quoting "not your keys, not your coins" and "if any user fund is affected by this incident, it will be covered completely by KuCoin and our insurance fund" in the same post, is the same as contradicting yourself.

It's one thing or the other.

Will you wait for an exchange to be hacked because insurance fund is guarantee?
Not a wise decision in my opinion, it's always better to safeguard your fund.

Modified:
What will happen if the insurance fund couldn't cover the hacked funds?
The best way is to keep your gund to your self l

[Jawhead999]

Quoting "not your keys, not your coins" and "if any user fund is affected by this incident, it will be covered completely by KuCoin and our insurance fund" in the same post, is the same as contradicting yourself.

It's one thing or the other.

Will you wait for an exchange to be hacked because insurance fund is guarantee?
Not a wise decision in my opinion, it's always better to safeguard your fund.

To be honest @friends1980 just give his opinion about your thread. Not judge which is right and which is wrong, both of you're right. I see you're already know how dangerous leaving our funds trough centralized exchange, you only didn't explain it completely and more detailed.

Try providing suggestions with summary not all exchanges will always have insurance funds and not all exchanges will able to recover the loss from hacked (e.g. MtGox). MtGox was a popular and trusted exchanges on 2014. But after they got hacked (loss around 840.000 Bitcoin), they suspended all the transaction and decide to close the websites.

[DdmrDdmr]

Going over @VB1001’s list of Hacked Exchanges since 2011, this is certainly one of the biggies, and the amount is likely larger than the equivalent of 150M$, since this figure seems to be limited to ETH addresses (i.e. pending BTC toll and so forth).

Even if, as they state, their insurance will cover the losses, you never know where the amount is enough to draw the line and force the Exchange to close for good, with all that it entails for its customers. Can’t wait to see the “how” to these unfortunate events.

[1miau]

Going over @VB1001’s list of Hacked Exchanges since 2011, this is certainly one of the biggies, and the amount is likely larger than the equivalent of 150M$, since this figure seems to be limited to ETH addresses (i.e. pending BTC toll and so forth).

I'm not sure what happened exactly, why the hacker got access to (a) hot wallet(s) but if his access was limited to ETH and ERC-20 based wallets (what it looks like) KuCoin evaded from suffering an even bigger loss. For now, I haven't heard anything about wallets containing Bitcoin / BCash / BSV or Shitcoin like XRP / Chainlink / Polkadot / Cardano ....... being hacked.

Even if, as they state, their insurance will cover the losses, you never know where the amount is enough to draw the line and force the Exchange to close for good, with all that it entails for its customers. Can’t wait to see the “how” to these unfortunate events.

Same here. I'm also in doubt if that amount can be covered from an insurance fund. 150M (possibly more) is huge, even for KuCoin, a very big exchange. I really wish luck to KuCoin, their service is one of the better centralized exchanges compared to all the shitcoin wash-trading and scamming user sites. 

[pooya87]

Even if, as they state, their insurance will cover the losses, you never know where the amount is enough to draw the line and force the Exchange to close for good, with all that it entails for its customers. Can’t wait to see the “how” to these unfortunate events.

that's assuming they were actually hacked and not faked it. in the altcoin market that has lost a significant volume and also most of the remaining volume has gone into other bad exchanges like Binance, "getting hacked" can be very profitable. they just transfer the funds from one pocket to the other and then pay a portion of users a portion of what they lost over a very long time and pocket the profit.

[Twinkledoe]

Even if, as they state, their insurance will cover the losses, you never know where the amount is enough to draw the line and force the Exchange to close for good, with all that it entails for its customers. Can’t wait to see the “how” to these unfortunate events.

that's assuming they were actually hacked and not faked it. in the altcoin market that has lost a significant volume and also most of the remaining volume has gone into other bad exchanges like Binance, "getting hacked" can be very profitable. they just transfer the funds from one pocket to the other and then pay a portion of users a portion of what they lost over a very long time and pocket the profit.

I believe the amount lost was not significant as compared to their total assets. Though we are already talking hundreds of millions of dollars. Their hot wallets were compromised not their cold wallets. So I think they can still recover fast. But when it comes to paying those clients who lost their funds, I don't know yet what's their take  on that. Are they going to fully compensate those users?

[cryptomaniac_xxx]

Going over @VB1001’s list of Hacked Exchanges since 2011, this is certainly one of the biggies, and the amount is likely larger than the equivalent of 150M$, since this figure seems to be limited to ETH addresses (i.e. pending BTC toll and so forth).

I'm not sure what happened exactly, why the hacker got access to (a) hot wallet(s) but if his access was limited to ETH and ERC-20 based wallets (what it looks like) KuCoin evaded from suffering an even bigger loss. For now, I haven't heard anything about wallets containing Bitcoin / BCash / BSV or Shitcoin like XRP / Chainlink / Polkadot / Cardano ....... being hacked.

According to https://www.kucoin.com/news/en-kucoin-ceo-livestream-recap-latest-updates-about-security-incident;

Q1: What is the reason for the assets outflow?

Johnny: It is due to the leakage of the private key of KuCoin hot wallets. We have re-deployed our hot wallets already.

Q2: Which tokens were affected?

Johnny: Mostly BTC, ETH and other ERC-20 tokens. We are still working on the list.

So definitely they've lost BTC or at least it was part of the hack. But the leakage of private key arose suspicion of inside job to me? How can the hackers get their private key unless someone is a willing participate for the inside.

[UserU]

We cannot trust any exchange whether it be Binance or Kucoin. Both of them were hacked and our funds are not safe in online exchanges.
The best approach is to withdraw all the money from these exchanges and keep only limited funds there through which we can trade. Keeping your savings in an online exchange is not a wise decision.

Might be hard for daily traders due to liquidity and also the fees involved.

[aioc]

The slang not your keys not your fund isn't a phrase to joke with when it comes to fund management and security.

We cannot trust any exchange whether it be Binance or Kucoin. Both of them were hacked and our funds are not safe in online exchanges.
The best approach is to withdraw all the money from these exchanges and keep only limited funds there through which we can trade. Keeping your savings in an online exchange is not a wise decision.

But they already announced that trader's funds are secured they need to do this, they are regulated and they have an insurance and of course they have a good standing in the industry they do not want to lose the reputation, but an incident like this cannot be ignored they are aware that hackers are roaming around, they are aware that they need the best security and yet this things happen, who can we trust now.

[coupable]

The slang not your keys not your fund isn't a phrase to joke with when it comes to fund management and security.

We cannot trust any exchange whether it be Binance or Kucoin. Both of them were hacked and our funds are not safe in online exchanges.
The best approach is to withdraw all the money from these exchanges and keep only limited funds there through which we can trade. Keeping your savings in an online exchange is not a wise decision.

But they already announced that trader's funds are secured they need to do this, they are regulated and they have an insurance and of course they have a good standing in the industry they do not want to lose the reputation, but an incident like this cannot be ignored they are aware that hackers are roaming around, they are aware that they need the best security and yet this things happen, who can we trust now.

$150 million is a significant amount and i doubt if the exchange has enough funds to cover it [not talking about money from insurance]. About the hack, as the exchange is regulated, an investigation should take place during next hours. Strange to happen in this way as only eth based tokens were infected. An "inside job" is a great possibility.

[pixie85]

Going over @VB1001’s list of Hacked Exchanges since 2011, this is certainly one of the biggies, and the amount is likely larger than the equivalent of 150M$, since this figure seems to be limited to ETH addresses (i.e. pending BTC toll and so forth).

Even if, as they state, their insurance will cover the losses, you never know where the amount is enough to draw the line and force the Exchange to close for good, with all that it entails for its customers. Can’t wait to see the “how” to these unfortunate events.

You could find many examples of this happening starting with Gox where they had a hack, claimed that everything was fine, thought they could make the money back from fees but it didn't work and finally shut down and went bankrupt.

I don't believe them and if I had any money there available for withdrawal I'd be moving.