In brief

  • Crypto exchange KuCoin has recovered $239 million worth of crypto stolen by hackers last September, said its CEO.
  • However, the platform had to cover another $45 million using its own insurance fund.
  • The hackers are still being tracked.

Crypto exchange KuCoin managed to recover 84% of the funds that were stolen from the exchange last September, according to KuCoin CEO Johnny Lyu. While the hackers made off with the remaining 16%, some $45.55 million, the exchange covered this through its insurance fund.

In a letter published today, Lyu said that cooperation with its exchange and project partners allowed KuCoin to originally recover 78% ($222 million) of the stolen funds. Another 6% ($17.45 million) was then returned with the help of law enforcement agencies and security institutions.

KuCoin's recovered funds
A graph showing the recovered funds from the KuCoin hack. Image: KuCoin.

As Decrypt reported, KuCoin was hacked on September 26 last year. During the investigation that followed, it was discovered that damages amounted to over $280 million worth of stolen cryptocurrencies in total. The coins stolen included Bitcoin and some Ethereum-based tokens.


“It was found that a total of 154 tokens were affected by this incident, and the total value is approximately $285 million based on the market price of the day,” Lyu wrote.

In today’s letter, Lyu explained that the hacker managed to get a hold of several private keys from KuCoin’s hot wallets via an advanced persistent threat (APT) attack. With this vector of attack, hackers usually establish a long-term presence on a network in an attempt to steal some sensitive data.

“We found that KuCoin encountered a complex APT attack in September 2020. The attacker was lurking for a long time, and this attack severely damaged our internal network, allowing the attacker to bypass the security system of KuCoin and obtain the private keys of a few hot wallets,” he wrote.

At the same time, Lyu argued that the sheer scale of the KuCoin hack “is rare in the industry” and was difficult to deal with.

“To be honest, when the incident broke out, our team experienced a short period of low tide and many members fell into self-doubt,” he noted.


In the future, the exchange plans to increase its investments in security, and has already upgraded its entire security system and architecture as well as restructured its security team, Lyu added.

As Decrypt reported, Lyu previously said that he has "substantial proof" of who the attackers actually are. However, he only added that “the tracking is still in progress” today.

Stay on top of crypto news, get daily updates in your inbox.