Lessons from the Recent KuCoin $150 Million Crypto Hack Incident
Photo: Alexsl | Getty Images
Even as the crypto industry has gained traction, many digital currency exchanges are still vulnerable to attacks by cybercriminals. In February 2020, Italian crypto exchange Altsbit lost around $70,000 worth of digital currencies. South Korean exchange Upbit reportedly lost around $51 million worth of Ethereum in November 2019. Japanese exchange Bitpoint was also compromised, resulting in a loss worth $30 million. In May 2019, Binance figured in a high-profile incident that had bad players running off with $40 million worth of Bitcoin.
KuCoin recently published an official statement confirming reports of anomalous large withdrawals of Bitcoin (BTC) and Ethereum (ETH) tokens from the KuCoin exchange. The funds were transferred to several crypto wallets listed in an updated statement from KuCoin.
The Singapore-based digital asset exchange said that the cyber-thieves managed to steal the private keys to their hot wallets. More than $150 million worth of ERC20 tokens were siphoned. In response, KuCoin immediately transferred what was left in the compromised hot wallets to new ones and suspended all deposits and withdrawals.
After the $2 billion Mt. Gox incident a few years ago, many expected that cryptocurrency exchanges had already learned their lesson, particularly about tightening their security measures or revamping their protocols. Yet even with upgraded defenses, cyber-attacks persist.
What happened to KuCoin is similar to what happened with most other cryptocurrency exchange thefts. Bad players were able to obtain the private keys to hot wallets and were able to move the funds to their own wallets. “The hackers had the patience to wait and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time,” Binance said in a statement.
If the use of hot wallets is the common denominator in most cryptocurrency theft cases, is doing away with hot wallets the best solution? Unfortunately, there are still no viable alternatives to hot wallets in facilitating quick and convenient transactions. Cold wallets offer a higher level of security, but this results in higher transactional friction for users. As such, exchanges will have to address the vulnerabilities that come with the use of hot wallets.
Recovery solutions implemented by exchanges
Instead of abandoning hot wallets altogether, digital asset exchanges have spent years improving their cybersecurity systems to reduce the chances of having their data stolen. They focus particularly on complex attacks such as social engineering and malware distributed in sophisticated ways.
Additionally, to avoid losing the trust of their clients, some exchanges provide insurance or guarantees that stolen digital coins will be reimbursed. Binance, for one, has a Secure Asset Fund for Users, an emergency insurance fund that covers losses in cases of cyber-attacks and other unforeseen situations. In the case of KuCoin, the company promised to reimburse those who lost their funds in the incident. “Please rest assured that if any user fund is affected by this incident, it will be covered completely by KuCoin and our insurance fund,” the company wrote in an incident update.
KuCoin’s promise of reimbursement does not necessarily cover all of the $150 million in stolen coins. Among the 153 types of ERC20 tokens stolen were 81 million NOIA tokens. The NOIA Network announced that it will issue a 1:1 token replacement to all affected accounts.
“Following the ~$150million hack on KuCoin Exchange, NOIA Network is issuing a 1:1 [NOIA] via a new smart contract, with automatic distribution of new tokens to all [NOIA] holders,” said NOIA Network in its announcement.
Cryptocurrencies with prepared solutions for theft cases
The NOIA Network partnered with PARSIQ to take a “snapshot” of the wallet balances on the block 109446420. PARSIQ is a blockchain monitoring and automation solution with tools for detecting, analyzing, and preventing fraud in cryptocurrency transactions. It has the technology capable of accurately identifying wallet balances at specific instances and forensically analyzing transactions on- and off-chain.
The snapshot created by PARSIQ serves as the basis for the amounts that will be returned to the affected wallets. With this information, the NOIA Network is able to implement a hard fork that correctly restores the tokens stolen from the wallets of KuCoin customers while voiding those that have been transferred to the thief’s accounts.
A hard fork is a process that essentially creates a new protocol and thus a new chain independent of the original one. In the case of the above incident, it can be used to revert the blockchain to a particular instance, making a previously valid block invalid or an invalid one valid. In the NOIA Network case, the hard fork invalidates a block to correct the unauthorized transfer of tokens. This results in the nullification of contract addresses and tokens associated with the theft. Thus, any stolen token becomes worthless and will not have an impact on the secondary market.
Third-party blockchain monitoring
All digital currencies that use blockchain technology can undertake hard forking. However, not all can address a theft through hard forking alone. The balances that should be restored with a hard fork must first be determined correctly.
With the help of a third-party solution like PARSIQ’s “snapshot” function, tokens can be devalued by invalidating their original smart contracts and creating new ones that allow the digital currency holders to claim the balances they lost due to the theft. “So that legitimate holders can claim their assets from new smart contracts – there is a need for snapshots with total balances before the incident,” PARSIQ wrote in an update post regarding the KuCoin hack.
PARSIQ said it will provide snapshots not only for the NOIA Network but also for other projects.
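The snapshot-and-reissue process described above, as an added example that is not NOIA Network's or PARSIQ's code: it replays a constructed list of ERC20-style transfers up to a snapshot block taken before the theft and derives the balances a replacement contract would distribute, plus the legitimate post-snapshot transfers that the reissue would otherwise drop. All addresses, block numbers, amounts and the `FLAGGED` set are constructed for illustration.

```python
from collections import defaultdict

ZERO = "0x0"  # stands in for the zero address that ERC20 mints originate from

# Constructed sample transfers: (block, sender, recipient, amount). Not chain data.
TRANSFERS = [
    (100, ZERO, "exchange_hot", 1000),
    (100, ZERO, "alice", 300),
    (105, "alice", "bob", 120),
    (110, "exchange_hot", "carol", 50),
    (121, "exchange_hot", "thief_1", 900),  # unauthorized withdrawal
    (122, "thief_1", "thief_2", 400),       # funds split across addresses
    (123, "thief_2", "dex_buyer", 100),     # stolen tokens sold on
    (124, "bob", "dave", 20),               # legitimate post-snapshot transfer
]
FLAGGED = {"thief_1", "thief_2"}            # constructed list of theft addresses


def snapshot_balances(transfers, snapshot_block):
    """Replay transfers in block order and return balances at snapshot_block."""
    balances = defaultdict(int)
    for block, src, dst, amount in sorted(transfers, key=lambda t: t[0]):
        if block > snapshot_block:
            break
        if src != ZERO:
            if balances[src] < amount:
                raise ValueError(f"inconsistent log: {src} overspends at {block}")
            balances[src] -= amount
        balances[dst] += amount
    return {addr: bal for addr, bal in balances.items() if bal > 0}


def reissue_plan(transfers, snapshot_block, flagged):
    """Return (allocation, withheld, review) for a replacement token contract."""
    snap = snapshot_balances(transfers, snapshot_block)
    allocation = {a: b for a, b in snap.items() if a not in flagged}
    withheld = sum(b for a, b in snap.items() if a in flagged)
    # Transfers after the snapshot between unflagged parties are not reflected
    # in the allocation and need manual reconciliation.
    review = [t for t in transfers
              if t[0] > snapshot_block and t[1] not in flagged and t[2] not in flagged]
    return allocation, withheld, review


if __name__ == "__main__":
    allocation, withheld, review = reissue_plan(TRANSFERS, 120, FLAGGED)
    print("new-contract allocation:", allocation)
    print("withheld from flagged addresses:", withheld)
    print("post-snapshot transfers to reconcile:", review)
```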
Enhancing security for decentralized solutions
Blockchain networks are continuously under attack because of the value of the smart contracts and transactions they carry. For one, the underlying internet infrastructure needs to improve so that platforms can better manage their security.
“The internet we have today is a patchwork of technologies, some decades old,” says Domantas Jaskunas, COO at NOIA Network. “These limitations cause outages and performance volatility, which is frustrating for everyday internet users, but combine to cause billions of dollars in damages to large businesses every year.”
One way to correct this is for technology providers to build more secure layers on top of the existing internet infrastructure.
“Prevention is always better. We believe there should be another layer of verification on each blockchain that performs an on-demand analytic of origin and destination before the transaction goes into blocks,” says Nobel Tan, Head of Engineering and Product at Uppsala Security. “Technically this can be done but it comes with additional cost. This is similar to the evolution of the internet.”
Aside from enhanced verification and forensic analysis, the bigger picture will require that companies collaborate in order to address these threats.
“Exchanges need to upgrade their security measures as we’ve seen too many such breaches in recent years. But more than anything, timely collaboration is needed to quickly take action. That means instant communication between the exchange, the token projects and companies providing solutions to mitigate those risks,” says Tom Tirman, Chief Executive Officer at PARSIQ.
It will be a challenge to abandon hot wallets completely, even if this is the most common risk factor in nearly all cryptocurrency exchange thefts. There are other ways to get around the problem. Hard forking, in particular, can invalidate stolen tokens and restore lost balances to the affected wallets. However, it is necessary to use a blockchain monitoring platform like PARSIQ and for cryptocurrency exchanges (like KuCoin) and projects (like the NOIA Network) to collaborate and implement automated solutions that will ensure a fast and efficient way to resolve theft and other similar issues.