(ZDNet) – Singapore-based cryptocurrency exchange KuCoin disclosed today a mega hack. In a statement posted on its website, the company confirmed that a threat actor breached its systems and emptied its hot wallets of all funds.
Hot wallets are cryptocurrency management apps that are connected to the internet. Cold wallets are stored offline.
Cryptocurrency exchanges like KuCoin use hot wallets as their temporary storage systems for assets that are currently being exchanged on the platform, and they are used to power conversion operations and funds transfers.
KuCoin said it detected the hack after observing “some large withdrawals” from its hot wallets on September 26.
The company said it started a security audit and discovered the missing funds. KuCoin said the hacker managed to steal Bitcoin assets, ERC-20-based tokens, along with other types of tokens.
Currently, the loss is estimated at a minimal $150 million, based on an Etherium address where users tracked some of the stolen funds.
KuCoin has not returned an additional request for comment.
However, KuCoin CEO Johnny Lyu is scheduled to provide additional details about the security breach in a live stream at 12:30 (UTC+8), September 26, 2020.
KuCoin also promised to reimburse users who lost funds in the hack using its cold wallets. Deposits and withdrawals have been temporarily suspended while the company’s security team investigates the incident.
Hot wallets are cryptocurrency accounts that are actively connected to the internet and which ETERBASE was using to power its inter- and intra-currency exchange operations.
Funds were stolen from six hot wallets, storing Bitcoin, Ether, ALGO, Ripple, Tezos, and TRON assets.
In a series of messages posted on its Telegram channel, the company said it detected the attack but could not stop it from taking place.
Nonetheless, ETERBASE said it tracked the transactions as they left its wallets, and is currently tracing the stolen funds as they move around their respective blockchains.
ETERBASE has also already contacted exchanges where the stolen funds have landed and requested that its stolen assets are frozen.
Currently, all transactions on ETERBASE have been suspended until September 10, but the company said it planned to resume operations and reassured users that it had enough reserve funds to continue operating.
Law enforcement was also notified, the company added.