Kucoin hacked! Various centralized exchanges implement rescue measures, Synthetix: No foolish hard fork for hackers
Kucoin was hacked last Saturday, the 26th, with losses estimated to exceed $150 million worth of cryptocurrencies, including Bitcoin and many ERC-20 tokens. Following the incident, we have seen some exchanges and cryptocurrency projects resorting to "centralization tactics" to mitigate the damage. What interesting events unfolded during this time? And why did Synthetix not take action? The Block also suggests that the losses may exceed $150 million.
Table of Contents
Kucoin Hacked: Private Keys Compromised
At 3:05 am on the 26th, Kucoin detected that bitcoins and various ERC-20 tokens in the exchange's hot wallet had been transferred out. In subsequent announcements, Kucoin concluded that this was due to a compromise of their private keys.
CEO Johnny Lyu stated in a live stream announcement that the main assets affected were bitcoins, ether, and other ERC-20 tokens, and the amount lost only accounts for a small portion of their total assets. Kucoin assured that users affected by this incident would be fully compensated through the official insurance fund. Withdrawal services are expected to resume within a week.
View hacker address: 0xeB31973E0FeBF3e3D7058234a5eBbAe1aB4B8c23 This address has been flagged as Kucoin Hacker
Exchanges and Cryptocurrency Companies Respond to Track Down Hackers
Official statements mention that exchanges including Binance, Huobi, OKEx, Bybit, Upbit, Bibox, Gate, MXC, BitMax, BigONE, BKEX, BitZ, HBTC, Hoo, Crypto.com, Bingbon, Renrenbit, LBank, Max, CoinW, among others, are willing to assist in blocking suspicious addresses and tracking funds.
As always, #Binance has been actively helping other exchanges that got hacked. The sooner we get notified, the more we can help. We will work together to make the industry #SAFU-er.
โ CZ ๐ถ Binance (@cz_binance) September 26, 2020
Tether's CTO Paolo Ardoino directly stated that they have frozen $13 million worth of hacked USDT on EOS, as well as $20 million USDT held in the hacker's Ethereum address. Another $1 million each on Omni and Tron has also been frozen.
PSA: re #KuCoin hack@bitfinex froze 13M Tether USDt on EOS as part of the hack@Tether_to just froze 20M Tether USDt sitting on this Ethereum address https://t.co/GYmESH44da as precautionary measure.
Stay safe everyone!
โ Paolo Ardoino (@paoloardoino) September 26, 2020
Not only Tether, but some cryptocurrency companies have taken drastic measures. For example, Akropolis AKRO has suspended all on-chain protocol transactions and advised users not to conduct on-chain transfers or use decentralized exchanges temporarily. They quickly updated their smart contracts to blacklist the hacker's address. Other tokens such as VELO, VIDT, SNTR have taken actions to freeze assets or reissue corresponding tokens.
In response to the recent @kucoincom Security incident, we paused all the transfers of $AKRO. More updates to follow shortly. Don't try to transfer tokens or swap on DEXes. CEXes trading working fine. https://t.co/jXSy6bUUjV
โ Akropolis (@akropolisio) September 26, 2020
Ocean Protocol OCEAN, which had tokens stolen worth over $8.6 million, after community discussions, opted for a hard fork to recover these "hacked records" to protect user losses and Ocean Protocol itself. The hard fork was completed at the time of writing.
Ocean Protocol Foundation is initiating a hard fork of the Ocean Token contract which will have the effect of reversing the ill-effects of the hack for anyone choosing to adopt the new version of the contract. Read our full statement here:https://t.co/zw0YtiLKOi
โ Ocean Protocol (@oceanprotocol) September 27, 2020
Another Approach: Synthetix SNX
In this incident, a significant amount of SNX was also stolen, but Synthetix chose not to intervene. CEO Kain Warwick stated that once he confirmed that the stolen tokens were less than 0.5% of the circulating supply, he immediately decided not to propose a hard fork or any similar actions, considering the matter closed.
He believes that based on past experiences, freezing tokens or initiating hard forks is not worthwhile. He mentioned that Synthetix's community has high standards regarding "change balance" matters, and he trusts that proposals like these would not pass under decentralized governance.
So back to the hacked SNX, it was less than half a percent of the supply. So my immediate response was there is literally zero chance we are getting a SIP to pass to try to fork the protocol or something equally dumb. And that was basically the end of it for me.
โ kain.eth (โจ๐ด_๐ดโจ) (@kaiynne) September 28, 2020
Furthermore, he mentioned that SNX has sufficient liquidity on both centralized and decentralized exchanges, and he is not concerned about dumping affecting the market. Indeed, after a portion of SNX was sold off, it quickly rebounded.
Kain Warwick emphasized that he has felt a sense of freedom since Synthetix fully implemented decentralized autonomous organization, and this incident is a prime example. Even if he wanted to intervene, he does not have the authority to change the current situation.
He believes he still has a responsibility to consider how to guide the "crazy behavior" in DeFi and advocate for what he considers good practices. However, he has removed half of his dictatorial power for now.
Additionally, in a series of comments, he also expressed that when people choose to hold cryptocurrencies for the long term on centralized exchanges, they should be aware of the risks involved.
Potential Loss Exceeding $150 Million
The Block's Research Director Larry Cermak took on the role of a blockchain detective once again. He analyzed the wallets related to the Kucoin hack and estimated that at least $280 million worth of cryptocurrencies were stolen, surpassing the speculated $150 million. He stated that this is the third-largest hack in history, seven times higher than Binance's hack amount last year.
While some tokens were frozen, hard forks were initiated, or hacker addresses were blacklisted, these efforts fell short of recovering the stolen amount. Larry listed all the potentially recoverable token losses:
โ Velo ~$76 million
โ Tether ~$22 million
โ Orion ~$10 million
โ KardiaChain ~$10 million
โ Ocean Protocol ~$9 million
โ VIDT Datalink ~$7 million
โ NOIA Network ~$5 million
โ Covesting ~$600,000
He also mentioned that in the past two days, hackers have sold $120,000 worth of OCEAN, $2.9 million worth of SNX, and $2.16 million worth of LINK, as well as DIA.
Related
- Ripple upgrades XRPL in collaboration with Futureverse, investing tens of millions of dollars in Japan and South Korea.
- MakerDAO renamed to Sky: Behind the Scenes! Account with a six-figure USD value almost fell into the hands of hackers.
- DeFi is still a human affair! Synthetic asset protocol Kresko announces closure due to deteriorating health of founder.