Singapore-based cryptocurrency exchange KuCoin disclosed a major security incident, the hackers breached its hot wallets and stole all the funds, around $150 million.
Deposits and withdrawals have been temporarily suspended while the company is investigating the security incident.
“We detected some large withdrawals since September 26, 2020 at 03:05:37 (UTC+8). According to the latest internal security audit report, part of Bitcoin, ERC-20 and other tokens in KuCoin’s hot wallets were transferred out of the exchange, which contained few parts of our total assets holdings.” reads a statement published by the company. “The assets in our cold wallets are safe and unharmed, and hot wallets have been re-deployed.”
Hot wallet refers to any cryptocurrency wallet that is connected to the internet, for this reason, they are more exposed to cyber attacks.
Hot wallets are used as temporary storage systems for assets that are currently being exchanged on the exchange.
Cold storage refers to any cryptocurrency wallet that is not connected to the internet, for this reason, they are considered more secure. They usually don’t contain as many cryptocurrencies as do many of the hot wallets.
KuCoin discovered the security breach on September 26 when its staff noticed some large withdrawals from its hot wallets.
The exchange immediately investigated the anomalous operations and discovered the cyber heist of Bitcoin assets, ERC-20-based tokens, along with other cryptocurrencies.
The overall amount of funds stolen by the hackers is greater than $150 million, based on an Etherium address where the stolen funds were transferred.
Today (September 26, 2020), KuCoin CEO Johnny Lyu will provide additional details about the incident in a live stream at 12:30 (UTC+8).
The exchange plans to refund its users using its cold wallets.
This incident is one of the biggest hack ever reported, below a list of most prominent incidents.
(SecurityAffairs – hacking, Norway)