Singapore-based cryptocurrency exchange KuCoin disclosed today a mega hack. In a statement posted on its website, the company confirmed that a threat actor breached its systems and emptied its hot wallets of all funds.
Hot wallets are cryptocurrency management apps that are connected to the internet. Cold wallets are stored offline.
Cryptocurrency exchanges like KuCoin use hot wallets as their temporary storage systems for assets that are currently being exchanged on the platform, and they are used to power conversion operations and funds transfers.
KuCoin said it detected the hack after observing “some large withdrawals” from its hot wallets on September 26.
The company said it started a security audit and discovered the missing funds. KuCoin said the hacker managed to steal Bitcoin assets, ERC-20-based tokens, along with other types of tokens.
Currently, the loss is estimated at a minimal $150 million, based on an Etherium address where users tracked some of the stolen funds.
KuCoin has not returned an additional request for comment.
However, KuCoin CEO Johnny Lyu is scheduled to provide additional details about the security breach in a live stream at 12:30 (UTC+8), September 26, 2020.
KuCoin also promised to reimburse users who lost funds in the hack using its cold wallets. Deposits and withdrawals have been temporarily suspended while the company’s security team investigates the incident.