In response to the recent KuCoin Security Incident, KuCoin Global CEO Johnny Lyu hosted a livestream at 12:30 (UTC+8) on September 26, 2020, and announced more updates regarding the incident.
He mentioned that, according to the latest internal security audit report, part of the Bitcoin, ERC-20 and other tokens in KuCoin’s hot wallets were transferred out of the exchange, which made up a small part of the total asset holdings. The assets in the cold wallets are safe and unharmed, and the hot wallets have been re-deployed.
We are working to identify the cause of the incident, and will keep users updated once it is confirmed. Please rest assured that if any user fund is affected by this incident, it will be covered completely by KuCoin and our insurance fund.
Here’s the recap of the livestream.
Johnny first explained the timeline of the incident as follows:
At 02:51 AM (UTC+8) on September 26, 2020, we received an alert from the risk management system for the first time, showing that an abnormal ETH transaction occurred with the TXID: 0x4b738df5d7f12e3fa1cbe83b8165c542da461ef0c9255fc1a3f275259a92623b
Then, a few more abnormal transactions for ETH and other ERC-20 tokens were monitored.
And all abnormal transactions are from this wallet address: 0xeb31973e0febf3e3d7058234a5ebbae1ab4b8c23
At 03:01 AM (UTC+8) on September 26, 2020, we received an alert from the risk management system regarding the abnormal remaining balance of our hot wallets.
At 03:15 AM (UTC+8) on September 26, 2020, the KuCoin team set up a special team to cope with the incident.
At 03:20 AM (UTC+8) on September 26, 2020, the KuCoin operation team urgently shut down the wallet server and found that abnormal transactions were still occurring after the shutdown.
At 04:20 AM (UTC+8) on September 26, 2020, the KuCoin wallet team started to transfer the remaining assets from the hot wallet to cold storage.
At 04:25 AM (UTC+8) on September 26, 2020, the KuCoin wallet team, operation team and security team started to investigate the incident based on the information and clues collected.
At 04:40 AM (UTC+8) on September 26, 2020, the KuCoin team established a communication channel for important partners and Market Makers for this incident.
At 04:50 AM (UTC+8) on September 26, 2020, the KuCoin team made some initial findings regarding the reason for the incident.
At 04:50 AM (UTC+8) on September 26, 2020, the KuCoin wallet team transferred most of the remaining assets from the hot wallet to cold storage.
As of 05:00 AM (UTC+8) on September 26, 2020, we have been in contact with a growing number of crypto platforms including Binance, Huobi, OKEx, Bybit, Upbit, Bibox, Gate, MXC, BitMax, BigONE, BKEX, BitZ, HBTC, Hoo, Crypto.com, Bingbon, Renrenbit, LBank, Max/Maicoin, CoinW and more to blocklist suspicious addresses and trace the funds affected. Thank you all for your quick action and support.
At 10:41 AM (UTC+8) on September 26, 2020, the KuCoin team released the official announcement about the security incident.
Meanwhile, KuCoin is investigating the incident with international law enforcement, and we will offer rewards of up to $100,000 to those who can provide valid information to us regarding this incident. Please contact business@kucoin.com.
Afterwards, he answered a few of the most frequently asked questions:
Q1: What is the reason for the assets outflow?
Johnny: It is due to the leakage of the private key of KuCoin hot wallets. We have re-deployed our hot wallets already.
Q2: Which tokens were affected?
Johnny: Mostly BTC, ETH and other ERC-20 tokens. We are still working on the list.
Q3: How much are the affected digital assets worth?
Johnny: As many of the tokens are ERC-20 tokens, we are still evaluating the total value.
Q4: What’s the percentage of the assets being affected?
Johnny: The funds affected contain a small part of our total assets holdings.
Q5: When will the deposit and withdrawal functions be available again?
Johnny: Per our current estimation, within a week. We will be gradually enabling the withdrawal service.
Q6: Is KuCoin’s insurance fund enough to cover the losses?
Johnny: Yes, it’s enough. Starting from early 2018, we have established the insurance fund to deal with unexpected security issues such as this.
Q7: Can the assets be tracked back?
Johnny: We are in contact with many major crypto exchanges such as Huobi, Binance, OKEx, BitMax and Bybit, as well as blockchain projects, security agencies, and law enforcement to work on this. Some effective measures have been taken, and we will update with more details soon.
Q8: How can such an incident be prevented from happening again?
Johnny: We have discarded the previous hot wallets, and we will definitely upgrade the whole risk management system of our wallet.
Q9: What about my ongoing withdrawal and deposit?
Johnny: Once we have enabled the deposit and withdrawal services, the ongoing deposit and withdrawal requests will be completed gradually.
Q10: Why do the assets keep flowing out after the KuCoin announcement?
Johnny: For the sake of guaranteeing the security of users’ assets, our wallet and security teams are conducting those transactions.
At the end of the livestream, Johnny stated that KuCoin will continue to provide updates on the progress of this incident, and keep users informed via KuCoin’s official channels including the website announcement, Twitter, etc. For the blockchain projects that were affected, the KuCoin listing team has contacted them to track, block, and even fork related assets to cut the losses.
The above are the measures taken by KuCoin so far, and the answers to our users’ most pressing questions. Johnny said that he and the KuCoin team deeply regret this incident and will continue to make more efforts and optimizations on the security mechanism, and face this incident head-on with no excuses.