Freeze, pause, reboot: Projects react differently to $200M KuCoin hack
Following news of a security breach resulting in the loss of more than $200 million worth of tokens on KuCoin, many projects quickly reacted to prevent users’ holdings from being moved off to other exchanges.
Speaking to Cointelegraph, KuCoin Global CEO Johnny Lyu said at least $129 million of the tokens affected in the breach and the Bitcoin (BTC), Ether (ETH), and ERC20 hot wallets impacted were “safe” or in a position to be recovered. Though reports initially stated hackers got away with $150 million in tokens, new estimates put the total closer to $200 million.
Hackers stole a number of ERC20 tokens as part of the theft, but many projects were quick to react to the breach.
Members of the Ocean Protocol team have reportedly frozen more than 21 million OCEAN utility tokens, roughly worth $7.8 million at the time of writing. The project has since announced that it is initiating a hard fork of its contract to “reverse the ill-effects of the hack for anyone choosing to adopt the new version of the contract.”
In addition to the $33 million in tokens crypto exchange Bitfinex and Tether (USDT) reportedly froze, KuCoin’s Lyu stated the entities stopped an additional 2 million in USDT on OMNI and TRON. The CEO said KuCoin coordinated with VIDT_Datalink to freeze and recover $14 million of the stolen 14.49 million VIDT tokens as well as worked with Covesting to freeze and recover $560,000 COV tokens. Akropolis has also reportedly paused all AKRO transactions and blacklisted the hacker's known address.
Other projects required different solutions to protect users’ funds following the breach, including swaps.
Lyu said that KuCoin had worked with Silent Notary to upgrade its SNTR contracts and replace 78.9 billion of the stolen tokens, or roughly $100,000. KuCoin also worked with the Orion Protocol to complete a 3.81 million ORN token swap, worth approximately $8.8 million at the time of writing, and with Velo Labs to re-deploy and replace 120 million VELO tokens transferred to the hacker’s address, worth roughly $70.8 million. Kardiachain has reportedly recovered $9 million of the 524,948,751 KAI stolen from 2,976 wallets following a token swap.
Aleph was also forced to take drastic measures after the project reported on its blog that 8.5 million ALEPH — about $1.2 million — had been compromised in the breach. The project stated it had reissued tokens on a new smart contract, with the previous address and tokens “rendered obsolete.”
Not all measures have been so effective. In a series of tweets on Sept. 27, crypto tracker Whale Alert reported that the KuCoin hackers had moved 540,000 Synthetix Network tokens (SNX) — worth roughly $2.7 million — in several transactions to unknown wallets. The project has not yet issued a statement on its Twitter account or blog at the time of publication.
Reports of the extent of the breach are ongoing, but Lyu stated that KuCoin is prepared to completely cover any user funds affected by the hack through its insurance. The CEO said the exchange “will fully resume all the operations within a week.”