Dear KuCoin Users,
At 01:24 (UTC) on March 17, 2021, we encountered a targeted distributed denial-of-service attack (DDoS Attack) from the notorious Botnet, affecting the availability and stability of some services on the KuCoin website and app. No user assets were affected. As soon as the attack was detected, the KuCoin security team responded immediately and cooperated with our partners Cloudflare as well as AWS to resolve it. At present, all KuCoin services have been resumed.
A follow-up investigation found that this attack was an organized and planned DDoS Attack on crypto exchanges. During the attack, our security system detected a surge in traffic from a typical Botnet (as shown in the graphic below). A total of 14,756 malicious IPs directly participated in the attack, and more than tens of millions of abnormal access requests were initiated against KuCoin. The KuCoin security team took multiple measures to identify and mitigate the attack. By the time of 9:00 (UTC) on March 17, 2021, the attacker's malicious IP resources had been exhausted by the detection and blocking and the attack then had to be stopped.
During this attack, we also received a threat from an unidentified person who asked us to pay some Bitcoin to stop the attack. The person also stated that they had launched similar attacks on a number of major crypto exchanges, and successfully obtained ransom from many of them. Moving forward, we will cooperate with law enforcement to collect evidence of the attack. At the same time, we encourage exchanges that suffered similar attacks before to contact us and participate in the investigation together.
In response to the details of the attack and the IP addresses of the Botnet involved, the KuCoin security team will share the IP database with the entire industry in a future security analysis report, and jointly defend against cybercriminals and network attacks against the crypto industry.
As a response to such challenges in the future, we have established a close cooperation relationship with Cloudflare, a top anti-DDoS & CDN agency. At the same time, the KuCoin security team will improve monitoring to better ensure service stability and asset security. We welcome all to contact us via email (security@kucoin.com) or our online support to report any security vulnerabilities or consult security-related issues. We will take them seriously and give a timely response.
Thank you for your support!
The KuCoin Team
Find The Next Crypto Gem On KuCoin!