KuCoin Hot-Wallet Hack — September 2020
Attackers drained $281M from KuCoin hot wallets across BTC, ETH, ERC-20 and stablecoin balances. Project teams froze and blacklisted stolen tokens; approximately 84% of value was eventually recovered.
KuCoin is a centralised cryptocurrency exchange headquartered in Seychelles.
On the night of 25 September 2020 (UTC+8), KuCoin detected anomalous outflows from its BTC, ETH and ERC-20 hot wallets. The attacker had obtained the private keys and transferred approximately $281M of assets across several wallets before the exchange could intervene.
What followed was the most extensive recovery effort in crypto history. Token issuers cooperated on-chain: Tether froze affected USDT, Ocean Protocol upgraded its contract to invalidate the attacker's tokens, Velo similarly migrated, KardiaChain hard-forked. Centralised exchanges blacklisted the attacker's receiving addresses. Within weeks, large portions of the stolen value had been immobilised.
By November 2020 KuCoin announced approximately 84% recovery — extraordinary by historical standards. The remaining ~$45M was covered from the exchange's insurance fund. South Korean authorities later identified seven North Korean nationals as suspects, but no public attribution to a specific group followed.
Timeline
- Anomalous outflows from BTC, ETH and ERC-20 hot wallets
Multiple wallets drained in rapid succession.
- KuCoin discloses incident
CEO Johnny Lyu announces hack and pauses deposits/withdrawals.
- Token issuers begin freezing stolen assets
Tether, Ocean Protocol, Velo, KardiaChain and others freeze, blacklist or migrate affected tokens.
- KuCoin announces 84% recovery
Of the stolen value, approximately 84% has been recovered or immobilised on-chain.
- Final reconciliation; uninsured loss closed from insurance fund
Approximately $45M of unrecoverable assets covered from the exchange's insurance fund.
Who was involved
- KuCoinexchangevictim$281.0M