KuCoin Hack: what you should know as DENT Token holder
On September 25-26th, 2020, KuCoin has been hacked and about $281 million of crypto currencies and tokens were stolen, i.e. transferred out of the exchange to wallets belonging to a group of hackers.
Due to the leakage of the private keys of several KuCoin hot wallets, the hackers could transfer many crypto currencies and tokens to their own wallets.
Update: November 27, 2020 KuCoin resumed full service (trading, depositing and withdrawal) for the DENT Token.
Below the official statements from KuCoin:
- KuCoin Security Incident Update
- KuCoin CEO Livestream Recap
- The Latest Updates About the KuCoin Security Incident (Continually Updated)
- Official Latest News
- Tweets from CEO Johnny Lyu
Table of Contents
- 1 Which crypto currencies and tokens were stolen?
- 2 How many DENT tokens were stolen?
- 3 How did KuCoin react to the hack?
- 4 Trading in DENT Tokens is still possible
- 5 How did other exchanges and management of affected tokens react?
- 6 What did DENT Wireless do?
- 7 What did the hackers do?
- 8 What can we expect next?
Which crypto currencies and tokens were stolen?
The hackers stole part of KuCoin’s “holdings” in BTC, XRP, BSV, XLM, USDT, TRX, ETH, and over 100 individual ERC20 tokens (including the DENT tokens).
The hackers actually stole almost all of the 100+ ERC20 tokens from just 2 hot wallets from KuCoin:
Yes, you could argue “Why the hell should KuCoin “save” over $150 million of customer assets with 100+ different tokens in just 2 wallets?” (Or why not keep one or several wallets for each different token?)
I don’t know. At first sight, it seems to me very bad treasury management…
As we are primarily interested in the stolen DENT tokens that were part of the stolen ERC20 tokens, we focus on these tokens (By reading the official announcements, you can follow the status for the other non-ERC20 tokens)
How many DENT tokens were stolen?
The hackers stole 3,066,372,838 (yes, over 3 Billion) DENT Tokens. This is about 3,7% of the current circulation supply. All the tokens have been transferred to this wallet (owned by the hacker).
Were all DENT Tokens kept on the KuCoin Exchange being stolen?
No, after the hack, the number of DENT tokens left on KuCoin was 898,310,217 (as you can see in this wallet).
So, about 77,3% of all DENT tokens originally kept on KuCoin have been stolen.
How many KuCoin users do/did have DENT in their balances?
First, we expect KuCoin to have a significant portion of these DENT tokens themselves. But there are no official figures. Based upon the average number of holdings by DENT token holders in cold wallets, we expect at least 1,000 users, but probably more.
How did KuCoin react to the hack?
After receiving an alert from the risk management system, the KuCoin team set up a special team to cope with the incident, closed the server of the affected wallets, and transferred the remaining assets from the hot wallets to cold storage.
Thereafter, they made an official statement, hold a live webinar, set up a communication team, and informed other crypto platforms and blockchain projects, security agencies, and law enforcement and asked them to blocklist suspicious addresses and trace the funds affected.
KuCoin Global CEO Johnny Lyu also stated during the live webinar that KuCoin’s insurance fund can to cover the losses.
KuCoin also “immediately” stopped the deposit and withdrawal feature for all affected crypto currencies and tokens.
Update October 3, 2020: Tweet and replies from CEO Johnny Lyu:
Update: as per October 5, KuCoin has opened deposit and withdraw services for 53 tokens. And as per October 7, you can now also deposit and withdraw BTC, ETH, and USDT. As per October 21, the number of tokens with full services has been increased to 120. All tokens with current full services were either not affected, or the the stolen tokens were frozen or there was a token swap (see below).
Update as per November 11, 2020:
So, as per November 11, 2020, KuCoin has recovered 84% of the $281 million ($236 million recovered, and $45 million “lost”).
Trading in DENT Tokens is still possible
But to our surprise, the actual trading in all affected “tokens” was not halted. KuCoin users can still trade, and will see their balances as “unaffected” and can even transfer assets internally from Main Account to Trading, Margin, or Contract Account (or vice versa).
So, you can still trade in the DENT/BTC and DENT/ETH pair, and users will still see their DENT balances. But be in mind, these balances are not fully covered any more with actual DENTs.
Or to say it in other words… on KuCoin you are trading (partly) in “ghost” crypto currencies and tokens.
Hence, if withdrawals will be possible again, only 22,7% of DENT tokens can actually be withdrawn as the other 77,3% have been stolen.
We have no idea how KuCoin will solve this issue as long as the stolen DENTs are not transferred back to KuCoin.
Also, although depositing should have been made “impossible”, we actually noticed some DENT deposits after the hack took place…
Hence, we strongly advice you to stop depositing your DENT tokens (or any other cryptocurrencies to KuCoin, and wait until KuCoin allows its users (again) to withdraw DENT tokens and all other affected tokens.
Note: the Market Cap of KuCoin is about $67 million, while about $281 million worth of “client tokens” was stolen. This is/was a huge “disbalance”. Luckily, $236 million has been “recovered” and is now “unavailable” to the hackers as some tokens are “frozen”, disabled to transfer, or can’t be sold by the hacker due to token swaps – see below. Hence, at the moment, about $45 million has not been recovered.
How did other exchanges and management of affected tokens react?
Well, some immediately took action and either:
- Froze (or disable tokens to transfer) the affected tokens. For example, Bitfinex CTO Paolo Ardoino confirmed that Tether has successfully frozen a total of 22 million USDT tokens (about $22 million). Datalink (VIDT) froze 14.49 million VIDT tokens (about $7.2 million), and announced a token swap. Covesting (COV) has announced that they have frozen the 3.12 million COV tokens (about $600K). Ampleforth (AMPL) has announced that they have disabled transfers of the 14.82 million AMPL tokens (about $10.89 million) from the attacker. Ocean Protocol (OCEAN) has recovered all the tokens returned these to KuCoin wallets.
- Re-deployed and replaced the affected tokens. For example, Velo Labs (VELO) has announced that they will re-deploy and replace each of the VELO tokens that were transferred to the suspicious address. The 122 million VELO tokens (about $75.7 million) affected will be invalidated. And Silent Notary (SNTR) has announced that they will re-issue new SNTR, and replace 78.9 billion affected SNTR tokens (about $90K).
- Did or announced a token swap. For example, KardiaChain (KAI) has completed the Token SWAP. About 525 million KAI tokens (about $10.2 million) have been secured. Orion (ORN) has completed the Token SWAP. Trading and withdrawal are available on KuCoin again. About 3.82 million ORN tokens (about $9.5 million) have been secured. NOIA Network (NOIA) has completed the token swap. Newscrypto (NWC) has completed the Token SWAP. About 53 million NWC tokens (about $11.26 million) have been secured. Opacity (OPQ) and UTrust (UTK) will also do a token swap.
- Reissued the token via a new smart contract. For example, NOIA Network (NOIA) has announced that they will reissue NOIA via a new smart contract, replacing the about 81 million NOIA tokens (about $5 million) affected.
- Temporarily disabled deposits/withdrawals on exchanges as PRE did.
While others did inform their community and/or are considering to take similar actions, or already checked all the options and decided to do “nothing”.
The idea of a token swap is that all current token holders will get an airdrop of a new created token replacing the old token (that is worthless after the swap), except the hackers, where instead KuCoin will get the new tokens.
However, there was at least one management team, Vid, that actually did a token swap, but don’t want to “give back” the new created VI tokens to KuCoin, but want KuCoin to pay for the new created tokens.
It’s very interesting to read the reasons behind in this article KuCoin Can Now Open VI Withdrawals written by Jag Singh, CEO & Co-Founder of Vid.
It gives an insight look at some of KuCoin’s practices about how KuCoin acts with respect to the hack.
Although, you can find some good reasons in this article that explains why Vid tokens were “screwed by” KuCoin, I don’t agree that KuCoin should buy all the new created (originally stolen) tokens from Vid. I mean by doing a swap, Vid ensured that the stolen tokens became worthless for the hackers. By not giving the new created tokens to KuCoin (the original owner on behalf of all its clients), actually Vid “stole” the tokens from the hacker and tries to sell the replaced tokens to KuCoin.
But of course, KuCoin should pay for all costs Vid had to make for doing the swap (including gas fees for the airdrop, developers and management time). And any management of a token who choose to do a swap doesn’t have to deposit all the new created tokens at once to KuCoin. On the contrary, I would advise the management of these tokens to keep some of the newly created tokens as guarantee to ensure that KuCoin pays all their costs associated with the swap, and start depositing/withdrawal features as soon as possible.
Some good examples about “keeping your community informed”:
- LUKSO’s response regarding the KuCoin hack
- KuCoin Security Incident and Presearch
- Utrust statement and next steps on the KuCoin hack
Below a livestream and AMA from LUKSO’s management team about how they handled the KuCoin hack and explained what happened…
Update as per October 20, 2020: As described above, several token swaps have already been finished, and the “new” tokens have been transferred to KuCoin wallets, and 120 tokens have opened deposit & withdrawal services.
One of these new wallets with new “swapped tokens” is this one…
However, it looks like the management of KuCoin “didn’t learn anything” from the last hack as again they put several different tokens into one wallet.
What did DENT Wireless do?
Well, very disappointing for us. The team did nothing so far. No news, announcement, or update or whatsoever.
On the contrary, more than 2 days after the hack, the admins in the official DENT Telegram could not (or didn’t want to) answer simple questions as…
And it’s not because they didn’t no the answer…
Followed by this conversation…
So, instead of trying to give as much information as possible and helping over 1,000 “worried” DENT token holders on KuCoin who don’t know what to expect and what to do, these holders are treated as “stupid” token holders who should know better (and should not keep their DENTs on KuCoin).
Well, the team seams to forget that they actually promoted and stimulated people to buy and trade DENT tokens on KuCoin (as you can see in the retweet by DW twitter main news channel in the message below).
Maybe, there is a good reason why the team didn’t inform its token holders. For example, if they won’t or can’t do a token swap or freeze, and don’t want to inform the hacker publicly as by announcing that the team won’t do anything, the hackers have a “free play” and try to sell the DENT tokens as soon as possible as they did with DIA an LYXe for example.
But this is all speculation, even if this was the reason, a simple statement that the team is aware of the hack and is doing everything to help KuCoin is better than just “ignore” the hack and the DENT token holders.
What did the hackers do?
As described above, he hackers stole almost all of the 100+ ERC20 tokens from just 2 hot wallets from KuCoin, and moved the tokens from these 2 wallets to just one single wallet:
So, it’s easy to follow what happens thereafter…
First they moved 50K USDT and tried to sell the stolen tokens on centralized exchanges, but these tokens were frozen immediately by the issuer of USDT.
Thereafter, they acted smarter by transferring tokens as SNX, LINK , and DIA to decentralized exchanges as Uniswap and Kyber. The hackers actually switched at least $13.0 million worth of stolen tokens into ETH, and now they are continuously moving tokens out of his “huge” wallet and transfers the individual tokens to DEXes.
Note: instead of what most people think…
DEXs aren’t necessarily good venues for money laundering. CipherTrace noted that even though millions of crypto stolen in the KuCoin hack was sold on decentralized exchange Uniswap, it wasn’t laundered there.
“The hacker isn’t using DEXs to hide their tracks, he is doing it so that he can sell his stolen tokens,” said Elliptic co-founder Tom Robinson.
Did the hackers already move DENT tokens?
At the moment of this writing, they didn’t.
Probably, because they can easier sell the other tokens on DEXes as there is no real volume in DENT on any DEX. So, they will first focus on the more liquid tokens.
Update: since the update tweet of KuCoin’s CEO on October 3, 2020, that they “found the suspects”, the hackers didn’t move any more tokens from the main wallet that contains all the stolen tokens. However, the hackers are currently still actively selling tokens via UniSwap as for example LYXe tokens (the hackers moved a significant portion on October 1, 2020, to a new wallet and from there they keep on selling the LYXe tokens on UniSwap). So, the hackers haven’t been caught yet and are still active with selling stolen tokens on decentral exchanges.
On November 4, 2020, the hackers moved all their left alt tokens that didn’t have a swap or freeze (including the 3 billion DENT tokens), plus the remaining of the tokens that were transferred to other wallets to be sold later on DEXes to just this wallet address.
At that moment, the total value of tokens that had value and could be sold by the hackers was around $15 million.
On November 11, 2020, the hackers moved several of these tokens to KuCoin.
So, either the hackers were caught or they managed to have a “deal” with KuCoin and sold this “leftover” bundle of tokens for a discount to “settle” the hack (just as insurance companies sometimes pay the robbers of stolen art or jewelry).
What can we expect next?
KuCoin will probably get access again to the stolen DENT tokens and will continue full services (withdrawals and depositing) before November 22, 2020.
Update: November 27, 2020 KuCoin resumed full service (trading, depositing and withdrawal) for the DENT Token.
Yes, this is still the wild-west. Overall KuCoin managed to get a substantial part of the stolen tokens back and “minimized” the losses, but mostly as a result of all those token swaps (and the management of KuCoin should be very pleased and happy that so many “tokens issuers” helped them out).
But all the KuCoins users were in uncertainty for a long time, couldn’t withdraw their tokens for many weeks, and did trade in “ghost” tokens.
So, I don’t like how KuCoin handled this situation, and I strongly recommend you to never use KuCoin again (I myself will never use them again).
I think we all agree that DENT Wireless is not responsible for this hack, but the fact that DWs management didn’t communicate at all about this hack was very disappointing. Especially, if you compare this with how other “token issuers” were acting.
February 10, 2021, Update about the hackers…
The above article assumes that North Korea was behind the KuCoin hack based upon a United Nations report…
The United Nations has accused the North Korean state of stealing $281 million worth of crypto from an exchange during September 2020.
According to Reuters, the findings from a “confidential report” authored by independent sanctions monitors for U.N. Security Council members “strongly suggests” links between the hack’s perpetrators and the North Korean regime. Reuters quoted the report:
“Preliminary analysis, based on the attack vectors and subsequent efforts to launder the illicit proceeds, strongly suggests links to the DPRK.”