Freeze, pause, reboot: Projects react differently to $200M KuCoin hack

Published at: Sept. 27, 2020

Following news of a security breach resulting in the loss of more than $200 million worth of tokens on KuCoin, many projects quickly reacted to prevent users’ holdings from being moved off to other exchanges. 

Speaking to Cointelegraph, KuCoin Global CEO Johnny Lyu said at least $129 million of the tokens affected in the breach and the Bitcoin (BTC), Ether (ETH), and ERC20 hot wallets impacted were “safe” or in a position to be recovered. Though reports initially stated hackers got away with $150 million in tokens, new estimates put the total closer to $200 million.

Hackers stole a number of ERC20 tokens as part of the theft, but many projects were quick to react to the breach. 

Members of the Ocean Protocol team have reportedly frozen more than 21 million OCEAN utility tokens, roughly worth $7.8 million at the time of writing. The project has since announced that it is initiating a hard fork of its contract to “reverse the ill-effects of the hack for anyone choosing to adopt the new version of the contract.”

In addition to the $33 million in tokens crypto exchange Bitfinex and Tether (USDT) reportedly froze, KuCoin’s Lyu stated the entities stopped an additional 2 million in USDT on OMNI and TRON. The CEO said KuCoin coordinated with VIDT_Datalink to freeze and recover $14 million of the stolen 14.49 million VIDT tokens as well as worked with Covesting to freeze and recover $560,000 COV tokens. Akropolis has also reportedly paused all AKRO transactions and blacklisted the hacker's known address. 

Other projects required different solutions to protect users’ funds following the breach, including swaps. 

Lyu said that KuCoin had worked with Silent Notary to upgrade its SNTR contracts and replace 78.9 billion of the stolen tokens, or roughly $100,000. KuCoin also worked with the Orion Protocol to complete a 3.81 million ORN token swap, worth approximately $8.8 million at the time of writing, and with Velo Labs to re-deploy and replace 120 million VELO tokens transferred to the hacker’s address, worth roughly $70.8 million. Kardiachain has reportedly recovered $9 million of the 524,948,751 KAI stolen from 2,976 wallets following a token swap.

Aleph was also forced to take drastic measures after the project reported on its blog that 8.5 million ALEPH — about $1.2 million — had been compromised in the breach. The project stated it had reissued tokens on a new smart contract, with the previous address and tokens “rendered obsolete.” 

Not all measures have been so effective. In a series of tweets on Sept. 27, crypto tracker Whale Alert reported that the KuCoin hackers had moved 540,000 Synthetix Network tokens (SNX) — worth roughly $2.7 million — in several transactions to unknown wallets. The project has not yet issued a statement on its Twitter account or blog at the time of publication. 

Reports of the extent of the breach are ongoing, but Lyu stated that KuCoin is prepared to completely cover any user funds affected by the hack through its insurance. The CEO said the exchange “will fully resume all the operations within a week.”

Tags
Related Posts
‘DeFi done right’: Layer-one protocol launches mainnet
A decentralized finance protocol has launched its mainnet — describing it as a crucial step on the journey to a frictionless financial future. Radix, which describes itself as a platform for smart money, is also launching Instapass with its Olympia mainnet — an optional user and developer service that delivers the world’s first single sign-on solution for building compliant DeFi. The Radix mainnet is being positioned as a generational improvement in the history of decentralized ledger computing — and one that delivers 100 times more executional efficiency than the Ethereum Virtual Machine. This comes hot on the heels of the …
Decentralization / July 29, 2021
KuCoin inches closer to recovery by reopening deposits and withdrawals
In the latest step towards full recovery after a devastating hack in September, Crypto exchange KuCoin announced today in a blog post that it has “restored the deposit and withdrawal services of all tokens.” The announcement follows a partial reopening that took place in October where users could move their BTC, ETH, and USDT off the exchange. This latest step opens withdrawals and deposits to all coins and tokens, though certain tokens may have withdrawal limits due to what the exchange called “ongoing judicial proceedings.” The re-opening is a promising step towards normalcy after a crippling hack on Sept. 26. …
Blockchain / Nov. 22, 2020
Bitmart pledges to reimburse hack victims as crypto community voices support
As regulatory uncertainty continues to plague the global digital asset ecosystem, there are many anti-crypto proponents who continue to harp on the fact that the industry as a whole has a long way to go when it comes to securing itself in a manner that is anywhere comparable to the traditional finance system. Now, with the recent Bitmart hack coming to light, these individuals have been given even more firepower. To recap, on Dec 5, cryptocurrency exchange Bitmart was on the receiving end of a major hack that saw the platform lose nearly $200 million via a hot wallet compromise …
Ethereum / Dec. 11, 2021
Bent Finance confirms pool exploit, advises investors to withdraw funds
Staking and farming platform Bent Finance joins the list to become the sixth crypto establishment to get hacked in December. The acknowledgment of the attack was followed by requesting investors to withdraw their pool funds and disabling the reward claims on the compromised platform. Bent Finance first realized the exploit on Monday at roughly 8:55 PM EST, a timeline when the company reported no loss of funds. However, the community suspected a rug-pull event when blockchain investigator PeckShield allegedly located the source of the hack transactions. We have located the hack tx, which interestingly is sent from the Bent Finance: …
Blockchain / Dec. 21, 2021
'Haunts me to this day' — Crypto project hacked for $4M in a hotel lobby
The co-founder of Web3 metaverse game engine “Webaverse” has revealed they were victims of a $4 million crypto h after meeting with scammers posing as investors in a hotel lobby in Rome. The bizarre aspect of the story, according to co-founder Ahad Shams, is that the crypto was stolen from a newly set up Trust Wallet and that the hack took place during the meeting at some point. He claims the thieves could not have possibly seen the private key, nor was he connected to a public WiFi network at the time. The thieves were somehow able to gain access …
Nft / Feb. 7, 2023