KuCoin's hot wallets were compromised, with North Korean hackers suspected. Most funds recovered through project team interventions.
Hackers gained access to KuCoin's hot wallet private keys and drained Bitcoin, Ethereum, and ERC-20 token hot wallets. KuCoin quickly identified the attacker's addresses and worked with blockchain projects to freeze stolen tokens. Multiple projects rolled back transactions or issued new contracts to negate the theft.
Stolen ERC-20 tokens rapidly routed through Uniswap and Kyber Network. ETH moved through Tornado Cash. Bitcoin sent through mixers. Approximately $204M recovered through cooperation with exchanges and blockchain projects who froze or replaced stolen tokens. Suspected North Korean Lazarus Group involvement.
0x2b3a4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9d0e1f2a