KuCoin reported that the attacker emptied all of its hot wallets today.
Singapore-based cryptocurrency exchange KuCoin has uncovered a mega hack today. In a statement posted on its website, the company confirmed that the attacker hacked into its systems and emptied its hot wallets of all funds, according to ZDNet.
Hot wallets are internet-connected cryptocurrency management applications. Cold wallets are stored offline.
Cryptocurrency exchanges such as KuCoin use hot wallets as temporary storage systems for assets currently exchanged on the platform, and these are used for power conversion and fund transfer transactions.
KuCoin said it discovered the hack after observing "some major withdrawals" from its hot wallets on September 26.
The company said it had begun a security audit and found the missing funds. KuCoin said that the hacker managed to steal Bitcoin assets, ERC-20 based tokens, as well as other types of tokens.
The loss is currently estimated to be at least $150 million, based on the Etherium address that users tracked some of the stolen funds to.
KuCoin did not respond to a request for comment from reporters. However, KuCoin CEO Johnny Liu is due to provide more information about the security breach live at 12:30 pm (UTC+8) on September 26, 2020.
KuCoin also promised to refund users who lost funds as a result of the hack using its cold wallets. Deposits and withdrawals are temporarily suspended while the company’s security team investigates the incident.