KuCoin, which touts itself as “the most advanced and secure cryptocurrency exchange to buy and sell Bitcoin, Ethereum, Litecoin, TRON, USDT, NEO, XRP, KCS, and more” apparently has been hacked.
At stake is about $150 million worth of tokens that’s been moved to a different address, which on its own wouldn’t necessarily be cause for concern. However, throughout the day, some users have complained about withdrawal issues.
The address received transactions of tokens worth 11,484 Ether. Those include a variety of little-known tokens, such as Gladius, Chroma, Ocean Token, and Hawala, but also Maker, OMG, and YFI.
Adding to the confusion, Crypto data company Cryptoquant noticed that a large amount of Bitcoin left the Kucoin wallets quickly. Just as suddenly, no Bitcoin was leaving Kucoin wallets. “Since 20:00 UTC on September 25th,” it tweeted, “the outflow has continuously been zero.”
According to Cryptoquant CEO Ki Young Ju, that spike is a telltale sign of a hack. If it were merely a systems issue, outflows would go straight to zero without a spike.
Yet KuCoin apparently is maintaining it’s just a systems issue. At least one admin message on KuCoin’s Telegram channel indicates that users should not withdraw or deposit funds at the moment, “given the situation.” It claims that “transactions are simply pending.”
According to data from CoinMarketCap, KuCoin, based in Singapore is the 16th-most-popular crypto spot exchange when taking into account trading activity, traffic, and volume. It’s responsible for $112 million in volume over the last 24 hours.
As of 2:40 UTC, KuCoin had yet to make a statement regarding the status of the situation.
(This article will be updated as more information becomes available.)