On Oct. 3, KuCoin CEO Johnny Lyu took to Twitter to reveal that the suspects responsible for the $281 mln hack had been found following “a thorough investigation”:
“After a thorough investigation, we have found the suspects of the 9.26 #KuCoin Security Incident with substantial proof at hand. Law enforcement officials and police are officially involved to take action.”
In another tweet, Lyu added that the exchange would be coming back to “full functionality” after suffering the major security breach a little over a week ago.
It’s not another Mt. Gox
On Sept. 25, KuCoin, a major cryptocurrency exchange headquartered in Singapore, confirmed that Bitcoin and plenty of ERC-20 tokens had been transferred out of the exchange’s hot wallet.
Initially, it was reported that close to $150 mln worth of crypto had been drained from the embattled exchange.
Further estimates showed that the loot was much bigger, surpassing $280 mln. This means that KuCoin suffered the third largest hack in history in dollar value after Coincheck in January 2018 and Mt. Gox in February 2014.
Unlike the now-defunct Mt. Gox exchange, KuCoin has already recovered most of its stolen crypto, eschewing endless court cases.
As reported by U.Today, several decentralized finance protocols rushed to freeze the bad actors’ funds, which throws into question their decentralization.
The hacker wasn’t left penniless. According to blockchain sleuth Elliptic, he or she had already laundered more almost $20 mln via DEXes such as Uniswap.
“Inside job” allegations
Hudson Rock CTO Alon Gal expressed his skepticism regarding Lyu’s statement, claiming that it was most likely “an inside job”:
“My bet is leaning towards an inside job, it shouldn't take that long to figure the clues if he messed his opsec during the hack. An inside job might take a bit to figure out.”
The cybersecurity expert refuses to believe that the hacker could possibly launder stolen crypto on DEXes without using a VPN.