Report: KuCoin Identifies Hackers Identity, Considering Legal Action

KuCoin, the top cryptocurrency exchange that lost millions in customer funds due to a security breach, has announced that it is closing in on its hacker’s identity. 

According to a series of tweets from exchange chief executive Johnny Lyu, the exchange has compiled substantial proof of its hacker’s identity and will soon proceed with legal action.

Another Progress Report 

“After a thorough investigation, we have found the suspects of the 9.26 #KuCoin Security Incident with substantial proof at hand. Law enforcement officials and police are officially involved to take action,” Lyu’s first tweet said on Saturday. 

The chief executive added that as of October 1, the exchange had managed to seize another $64 million in assets from fishy addresses, thanks to help from some industry partners. So far, KuCoin has managed to take back $204 million. 

Lyu added that KuCoin is slowly regaining its full functionality. They’ve reopened withdrawals and deposit services for 31 tokens, although they’re still working on restoring services for Bitcoin, Ether, and Tether.

An Unfortunate Event 

KuCoin’s woes began on September 26, when the exchange confirmed that it had suffered a major security breach. According to an official statement from Lyu at the time, hackers managed to breach its Bitcoin, Ether, and ERC20 hot wallets after gaining access to leaked private keys. From there, the hackers stole different tokens and moved them to rival exchanges.

Estimates from ZDNet confirmed that the exchange lost about $150 million in user funds. In his press release, Lyu assured users that the company and its insurance fund would cover anyone whose funds were affected. Paolo Ardoino, the Chief Technology Officer at rival exchange Bitfinex, also confirmed in a Twitter post that his exchange had frozen $13 million in Tether for insurance, as they suspected the funds could have had links to the attack.

Tether Limited also reportedly froze $20 million in funds related to the hack. A follow-up press release confirmed that KuCoin had contacted several other top exchanges – including Huobi, ByBit, and Binance – as well as law enforcement agencies and blockchain projects for help.

Speaking to Cointelegraph, Lyu confirmed that at least $129 million were either recovered on “in a position to be recovered.” As he explained, members of the Ocean protocol team had frozen over 21 million OCEAN utility tokens, with about $8 million. Lyu also claimed that KuCoin had coordinated with VIDT_Datalink to freeze $!4 million of the stolen $14.49 million VIDT tokens. Several other industry players have chipped in with their help.  

So, while ZDNet reported that the total funds stolen were about $150 million, new reports peg that number to be around $200 million. 

The KuCoin hack is the first high-profile hack of a centralized crypto exchange in 2020. The event shows that while criminals might be focusing on deploying malware on exchanges’ networks, data breaches are still very much alive.