In response to the recent KuCoin Security Incident, KuCoin Global CEO Johnny Lyu hosted a livestream at 00:30 (UTC+8) on September 30, 2020, and announced more updates regarding the security incident.
He mentioned that 10 coins with the total value of over $140 million are now out of the control of the suspicious addresses. Also, it is expected that a growing number of the affected digital assets will reopen deposit & withdrawal over the coming days.
Here’s the recap of the livestream.
Hello, everyone, this is Johnny Lyu, KuCoin Global CEO.
Today, I’d like to share the latest progress of the KuCoin Security Incident on September 26 with you all via live stream.
Prior to getting to the subject, on behalf of KuCoin, I would like to thank all the institutions and individuals for offering their hands, for supporting and encouraging us.
Well now, I will report the latest progress of the incident to you all:
Joining hands with external industry experts working 24/7 non-stop to track down the suspicious addresses and asset flows, the Special Task Force of KuCoin has guaranteed that 10 coins with the total value of over $140 million are now out of the control of the suspicious addresses.
Among them, together with VELO, the 122 million VELO tokens (about $75.7 million) are secured; Together with ORN, 3.82 million ORN tokens (about $9.5 million) have been secured, with withdrawal being reopened 14 hours ago; Together with KAI, 525 million KAI tokens (about $10.2 million) have been secured.
The Special Task Force of KuCoin has also coordinated with related institutions to successfully freeze the other 7 projects tokens kept on the suspicious addresses. To follow up, the Special Task Force is working intensively to execute smart contract re-deployment, token swap and other actions.
Within the first 12 hours, the Special Task Force finished sending out an urgent notification to all the 100 plus projects affected, 90% of those got back to us in 48 hours. Right after that, the Special Task Force cooperated closely with these projects, we are now preparing for the next step. The Special Task Force and I will expect to see a growing number of the affected digital assets to reopen deposit & withdrawal over the coming days.
Although the deposit & withdrawal service has not been fully enabled, other services KuCoin provides are not affected, including: spot trading, margin trading, futures trading, P2P Fiat trading, red envelope function, Pool-X staking, Pool-X liquidity trading platform, Kratos voting and governance function, and the Instant Exchange function. Meanwhile, all the ongoing activities of KuCoin will proceed as planned, and the activity rewards and prizes will be released to users as normal.
Hereby I would like to re-emphasize that if any user fund is affected by this incident, it will be covered completely by KuCoin and our insurance fund. Please rest assured.
Elsewhere, regarding the investigation progress of the reason for the private key leakage of KuCoin hot wallets that attracted a lot of attention, please allow me to briefly elaborate here.
KuCoin established the Special Task Force gathering internal security experts and external industry professionals right after the incident bursted. With top-notch tech capability, we have carried out thorough investigation against the hacker’s attack path, and inch-by-inch search, now we have obtained substantial clues.
Based on all these info, we are now on joint-investigation with law enforcements across countries and regions. As asked by the law enforcements, we will be able to publish all the details once the case is closed.
It’s been over 90 hours since the incident bursted. During such “darkest hours”, I am thankful and relieved for having a solid team that shows impressive strength in risk management practice, capability of quick response and staying calm, as well as firm belief in protecting user assets by all means.
The above is a brief of our so-far progress, and it’s just the beginning of our step-1 action.
Now, I have something new to share, something more forward-looking. We will be launching a new initiative, “Safeguard Program”. “Safeguard Program” is committed to providing comprehensive protection and support for individuals and institutions who are affected by "security incidents". This includes but not limited to assistance with technical support, evidence retention, asset confirmation and offering preferential policy.
We sincerely hope more and more institutions, experts, and tech teams will join the “Safeguard Program”, and fight side by side with us against future cyber security wars with the strongest determination.
We hope, starting from this incident, when someone encounters a security threat, a dedicated multi-force will be easily and swiftly pulled together to offer security, legal, and asset recovery assistance, and ultimately reduce the cyber crime risk.
A dedicated team will be established, which will preach the spirit of “Safeguard Program”. Let’s join hands to fight for security, as security breeds prosperity. More details of “Safeguard Program” will be available on KuCoin website, please stay tuned.
Last but not least, I would like to share some of my personal feelings and observations over this incident.
Sometimes, human nature darkens. Sometimes, human nature shines.
In the process dealing with the incident, a lot of projects offered their hands of cooperation in the first second.
For example, ORN who is the first one made a response to KuCoin, within 6 hours after the incident. ORN quickly contacted other exchanges to suspend deposit and withdrawal, then kept close communication with the KuCoin team. Through friendly consultation between both parties, we agreed that a Token SWAP was an executable solution at this point of time, and it is also the best solution for KuCoin users, the project team, and its token holders.
The ORN team actively worked with the KuCoin team, and successfully completed the Token SWAP within 36 hours.
Users are perfectly protected from asset losses, while the project itself avoided a disastrous secondary market tumble.
Actually in the history of crypto, token swap or hard fork situations emerged several times among Bitcoin and Ethereum communities at critical timings. With that, communities survived from serious crises, and everyone felt thankful to those teams that made contributions.
However, in contrast to the caring spirit and long-term vision of projects like ORN, KAI, and VELO, we noticed that some projects ignored the likely harm from the stolen assets to the market, and the hacker’s follow-up actions that might seriously hurt the right and benefits of the community, some of them refused to cooperate.
What’s more worrisome is, some even twisted the knife. Regardless of centralization or decentralization, the security issue has always been the The Sword of Damocles dangling above the whole industry’s neck. It is because that Satoshi and Vitalik went against the criticism of “centralization” and carried out the hard fork, that the whole community survived from the crisis and saved the spark of blockchain.
Today, we also would like to appreciate the developers and projects standing out with sincere gratefulness.
While the ORN, KAI, VELO team is working on fixing the problems, we also saw challenges that argued their solutions might be too “centralized”.
Richness of blockchain has never been simply summarized as so-called "decentralized". The powers who helped the industry to overcome crises many times in history are never just Blockchain technology, but also every crypto community member, their faith and shoulders. This is how we grow from many crises, and become who we are today, a strong global decentralized community.
In order to protect the assets of community users, we hope that more teams can solve problems from the perspective of the interests of community members. KuCoin will cooperate with these teams 24/7 to solve any problems.
As a crypto team just turned 3 years old, although we never slack off on security-related issues, we couldn’t dodge the cruelest coming-of-age ceremony that every predecessor used to embrace. Luckily, we have the most saturated aid from the whole crypto community, which equipped us with the strongest power to crack such a hard nut.
We consider the incident the silver lining, as it significantly strengthened our faith in the crypto community, and pushed us to re-think the method of solving trust issues in a trustless way.
Thanks again for the support provided by the whole crypto world. KuCoin will do our best to solve the problem.
KuCoin Team