A cryptocurrency exchange called KuCoin says it has been cracked, with over $100m of assets misappropriated.
The Register last covered KuCoin when it was mentioned by the Bitcoin-burgling cybercrooks who hacked a bunch of prominent Twitter users.
The Seychelles-based outfit, founded in 2017, proudly boasts of its venture capital backers who clearly admire its services facilitating trading of “numerous digital assets and cryptocurrencies”. And on Saturday it advised users that it “detected some large withdrawals since September 26, 2020 at 03:05:37 (UTC+8)” and that an internal security audit revealed “part of Bitcoin, ERC-20 and other tokens in KuCoin’s hot wallets were transferred out of the exchange, which contained few parts of our total assets holdings. The assets in our cold wallets are safe and unharmed, and hot wallets have been re-deployed.”
The company also promised that any losses would be covered by insurance, but also advised that deposit and withdrawal services would be suspended pending a security review.
A later update included an FAQ in which customers asked why some of the withdrawals continued even after the first incident notification was posted. KuCoin assured customers it conducted those transactions itself and advised that restoration of withdrawal functions could take a week. In the volatile world of cryptocurrency, a week can be the difference between a win and a bust.
A Monday update, the latest, revealed the scale of the hack as KuCoin identified over $130m of assets. It also describes work among a number of crypto players to identify suspicious transactions, freeze transactions, and even lists some addresses suspected of involvement in the heist.
“KuCoin has been in touch with a growing number of industry partners to take tangible actions, thanks to all of you for your support!,” the statement concluded.
However, the latest statement does not offer any further information on the cause of the incident, remediation steps, or restoration times.
So there you have it, dear reader: a venture-backed startup, based in a tax haven, demonstrating the future of money in all its glory.
And in the background, China deciding that its own digital currency will be run only by its biggest banks with new payment players like Alibaba not allowed anywhere near its innermost workings