KuCoin’s Twitter Account was Hacked, Users Lost $22,628

Cryptocurrency exchange company, KuCoin’s Twitter was hacked for a brief period, resulting in a loss of $22,628 from several users due to some fake activity posted on the account.

In the early hours of Monday, Apr 24, the official Telegram account of KuCoin News announced that the official Twitter handle for the cryptocurrency exchange had been hacked and advised users not to interact with anything posted on the compromised account.

The announcement reads:

“Dear KuCoin users,

We are sorry to inform you that our official Twitter account has been compromised, and we are taking measures to resolve the issue as soon as possible.

While we are working to resolve the problem, we strongly recommend that all users avoid clicking on any suspicious links that may be shared through our account.”

1/ The @kucoincom handle was compromised for about 45 mins from 00:00 Apr 24 (UTC+2). A fake activity was posted and unfortunately led to asset losses for several users. KuCoin will fully reimburse all verified asset losses caused by the social media breach and the fake activity.

— KuCoin (@kucoincom) April 24, 2023

A Phishing Link Snatches $22,628 from Several Users

Hours after the initial announcement, the KuCoin team returned to Twitter to shed some light on the incident. According to the report, the attack only lasted about 45 minutes, but the perpetrator was still able to get away with a significant amount.

KuCoin noted that only the Twitter handle was compromised, and users’ funds are safe on the exchange’s platform. During that 45 minutes, fake phishing activity was posted, unfortunately leading to asset losses for several users.

As per the initial investigation, the monitoring team has discovered 22 transactions associated with this security incident, calculating the total loss amount to 22.628 USDT. Reports suggest that scammers created a fake Medium page (kucoinevent) to lure users into a fake 5,000 BTC and 10,000 ETH airdrop to celebrate 10 million users.

#AegisWeb3Alert
🚨KuCoin Twitter Compromised
Scammers created a fake Medium page to lure users into transferring funds.
⚠️Do not interact with it
Be vigilant and stay away from #SCAM! pic.twitter.com/L2ZiNV6XnI

— AegisWeb3 (@AegisWeb3) April 24, 2023

The exchange wrote:

“Until 02:00 Apr 24 (UTC+2), we have identified 22 transactions, including ETH/BTC associated with the fake activity, with a total value of 22,628 USDT. To prevent more users from being harmed, we are currently examining and blocking suspicious addresses.”

According to the PeckShield report, the attacker was able to pocket $16K as 8.7 ETH and $6.5K as 0.235 BTC. The exchange has announced the commitment to fully reimburse all verified losses.

#PeckShieldAlert #Phishing @kucoincom Twitter handle was compromised and the scammers grabbed ~8.7 $ETH (~$16K) and 0.235 $BTC (~$6.5K)https://t.co/79lUovNl4P https://t.co/Qu7AEyMBVQ pic.twitter.com/s8rL4D4sKX

— PeckShieldAlert (@PeckShieldAlert) April 24, 2023

KuCoin is currently the fourth largest cryptocurrency with a daily trading volume of around $500 million, reveals CoinMarketCap data. The platform suffered a devastating attack that resulted in a loss of up to $289 million in September 2020.

The KuCoin Token (KCS) doesn’t seem much affected by the recent incident. It is only 1% down in the last 24 hours. It went just below $8 for some, only to climb back above $8 a little later.

KuCoin is also in trouble in the US. It has recently paid $30 million in fines over its staking service and agreed to halt the flagged product. As reported, the US State of New York has also sued KuCoin for operating an unregistered exchange.