KuCoin Suffers $281 Million Hack

Summary

On September 26, 2020, KuCoin, a Singapore-based cryptocurrency exchange, experienced a significant security breach, resulting in the theft of approximately $281 million worth of cryptocurrencies. The hackers obtained the private keys to the exchange’s hot wallets. They sold the stolen cryptocurrency from their addresses on decentralized exchanges and anonymized it through mixing services. The incident caused a temporary 14% drop in the price of KuCoin’s exchange token KCS, to $0.86. However, by November 11, 2020, KuCoin was able to recover all the stolen assets, so users were unaffected by the hack: 84% were regained by on-chain tracking, contract upgrade and judicial recovery; the remaining 16% were covered by the KuCoin insurance funds.

Attackers

A North Korean hacker crew called Lazarus Group has been accused of carrying out the heist. KuCoin recommends blacklisting suspicious addresses linked to the perpetrators on ETH, BTC, LTC, XRP, BSV, XLM, USDT and TRX.
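One way to apply such a multi-chain blacklist when screening transfers, as an added example that is not KuCoin's code: hex (Ethereum-style) addresses are compared case-insensitively, all other formats exactly, and matching is keyed on the address rather than the asset label so token transfers are caught too. The function names, addresses and transfers below are constructed placeholders.

```python
import re

ETH_STYLE = re.compile(r"^0x[0-9a-fA-F]{40}$")

# Constructed placeholder entries: not real addresses and not KuCoin's list.
BLOCKLIST = {
    "ETH": ["0xAbCdEf0123456789aBcDeF0123456789abcdef01"],
    "BTC": ["1ExampleBlockedAddrQ7xYz"],
    "USDT": ["1ExampleBlockedAddrQ7xYz"],  # one address can sit under two labels
}

def normalize(addr):
    """Canonical form for comparison, chosen by address format, not asset."""
    addr = addr.strip()
    if ETH_STYLE.match(addr):
        # Hex addresses vary in letter case only for the EIP-55 checksum.
        return addr.lower()
    # Base58/base32 style addresses are case-sensitive: compare exactly.
    return addr

def build_index(blocklist):
    """Map each normalized address to the set of labels it was listed under."""
    index = {}
    for label, addrs in blocklist.items():
        for a in addrs:
            index.setdefault(normalize(a), set()).add(label)
    return index

def screen(transfers, index):
    """Return (transfer id, side, labels) for every blocked endpoint."""
    hits = []
    for t in transfers:
        for side in ("from", "to"):
            labels = index.get(normalize(t[side]))
            if labels:
                hits.append((t["id"], side, sorted(labels)))
    return hits

# Constructed sample transfers.
TRANSFERS = [
    {"id": "t1", "asset": "USDT-ETH",  # token transfer, lower-case sender
     "from": "0xabcdef0123456789abcdef0123456789abcdef01",
     "to": "0x1111111111111111111111111111111111111111"},
    {"id": "t2", "asset": "BTC",       # differs in case only: must not match
     "from": "1exampleblockedaddrq7xyz", "to": "1SomeCustomerAddr"},
    {"id": "t3", "asset": "USDT",
     "from": "1SomeCustomerAddr", "to": "1ExampleBlockedAddrQ7xYz"},
]

if __name__ == "__main__":
    for hit in screen(TRANSFERS, build_index(BLOCKLIST)):
        print(hit)
```
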

Losses

The stolen funds from KuCoin’s hot wallets amounted to approximately $281 million. The hackers targeted various cryptocurrencies, including:

  • 1,008 BTC ($10,758,404.86)
  • 11,543 ETH ($4,030,957.90)
  • 19,834,042 USDT-ETH ($19,834,042.14)
  • 18,495,798 XRP ($4,254,547.54)
  • 26,733 LTC ($1,238,539.89)
  • 999,160 USDT ($999,160)
  • $147M worth of ERC-20 tokens
  • $87M of Stellar tokens

Security Failure Causes

On the official website, the KuCoin team explained that the hack was caused by a leak of the private keys of KuCoin hot wallets. The leak could have become possible for several reasons:

  • Malicious actions of responsible employees: this could have been done by someone from the exchange staff who had the appropriate access.
  • Attack on web infrastructure: the attacker could have gained access to the exchange’s hot wallet services.
  • Social engineering attack: the hackers could have obtained the private keys through a phishing attack that used exploits, viruses, and backdoors against employees who had access to those keys.