KuCoin Suffers $150M Theft, Becoming Latest in Long Line of Breaches

On September 26^th, 2020, the popular cryptocurrency exchange KuCoin was hacked.  With roughly $150 million USD stolen, it represents one of the largest cryptocurrency thefts to date.

In the time since this event, crypto-markets have been relatively un-phased.  This begs the question, ‘have exchange hacks become so commonplace that their occurrence no longer has an effect on market participants’?

While this sounds like a far-fetched idea, it highlights the need for a change of approach by service providers and clients.  Exchanges need to ramp up security efforts to avoid becoming the face of incompetence.  Investors need to ramp up due diligence when entrusting funds to service providers.

With this in mind, today we take a look at some of the most prominent hacks totaling $40 million or more that have occurred over the past few years.

Notable Thefts

KuCoin – September 2020

At the time of writing Kucoin is the most recent exchange to be hacked.  Taking place on September 26^th, 2020, a thief gained access and liquidated various ‘hot-wallets‘ owned and operated by KuCoin.  Affected assets included BTC, ETH, LTC, XRP, BSV, XLM, TRX, USDT, and various ERC-20 based tokens.

Thankfully, KuCoin has maintained a strong insurance policy for multiple years now.  Meaning, in this instance, user funds are expected to be protected.

Total Lost : >$150,000,000 USD

AltsBit – February, 2020

Although some exchanges were able to weather the storm after being hacked, AltsBit was not so fortunate.  This hack, which occurred only months after the exchange launched, saw thieves take various assets, including – BTC, ETH, KMD, VRSC, ARRR.  In this instance, the event saw hacker group LulzSev claim responsibility.

Total Lost : >$70,000,000 USD

QuadrigaCX – December 2019

After a lengthy investigation, the Ontario Securities Commission (OSC) determined in July 2020 that CEO and Founder Gerald Cotten was directly responsible for the loss of assets due to years of fraud and misuse of client funds; the OSC called Quadriga a “ponzi scheme” due to Cotten’s use of client funds to cover his illegal trading losses.  When Quadriga initially collapsed, it had been speculated that the funds were simply lost or in inaccessible crypto accounts, unfortunately, that turned out not to be the case.  Auditor Ernst and Young were able to recover $45M, resulting in an overall loss of $169M. Unfortunately for its clients, the lost funds were not safeguarded by insurance policies.

Total Lost : >$215,000,000 USD

UpBit – November, 2019

Most of the hacks to occur are completed through unauthorized access to ‘hot-wallets’ utilized by exchanges.  This instance was somewhat unique, as the theft saw hackers steal from UpBits ‘cold-storage’.  The only affected asset in this theft was ETH.  Client losses were covered by the exchange itself.

Total Lost : >$50,000,000 USD

Binance – May 2019

Binance is one of the world’s largest crypto exchanges, many did not expect this theft to occur.  The fact that it did, underscores the risk of leaving assets in the control others.  If one of the biggest exchanges is vulnerable, every exchange is vulnerable.  In this instance, Binance ensured that any losses would be covered by the exchange.

Total Lost : >$40,000,000 USD

Coincheck – January 2018

Nobody wants to be associated with one of the greatest thefts of all time.  Unfortunately for Coincheck, its decision to store significant amounts of user funds in hot-wallets resulted in the record-setting theft.  In this case, the only affected asset was NEM.  Sadly for NEM, the events resulted in significant collateral damage crashing its price – despite not being at fault.

Total Lost : >$530,000,000 USD

Zaif – September 2018

2018 was a rough year for Japanese based exchanges, this particular hack followed the aforementioned incident involving Coincheck.  Here, affected assets were BTC, BCH, and MONA.  Similar to most hacks, thieves were able to steal assets through unauthorized access to the exchanges’ hot-wallets.  While the hack occurred in 2018, it has recently begun to garner more attention, as Zaif has decided to sue Binance.  It claims that Binance aided in laundering stolen funds through insufficient KYC/AML policies.

Total Lost : >60,000,000 USD

Mt. Gox – February, 2014

Although this theft has since been beaten by Coincheck as the largest of its kind, Mt. Gox is arguably the most well-known hack of its kind.  Despite the event occurring in 2014, the ramifications linger to this day.  The only affected asset of note was Bitcoin, with a total of 850,000 BTC being stolen.

Total Lost : >$450,000,000 USD

Safety First

Sadly, this is nowhere near a comprehensive list of exchange hacks.  Although there appears to be a common theme involving the use of hot-wallets, this is by no means the only avenue of risk.  Thefts have also occurred as the result of inside-jobs, cold-wallet access, and more.

If one thing has been made crystal clear – protect your assets.  Do not leave funds on exchanges unnecessarily.  As an investor, take a proactive approach to asset security – utilize hardware wallets, utilize respected custodial services, etc.  Even the most respected exchange is vulnerable to attacks.