Crypto exchange KuCoin plans to reimburse users that unknowingly sent their assets to a fraudulent site.
In an update on Sunday evening, KuCoin notified users that the exchange’s main Twitter account had been compromised by hackers for around 45 minutes on Sunday.
2/ Please note that ONLY KuCoin's Twitter account was compromised in this incident. We acted immediately to retrieve control of the account from official Twitter support after the incident occurred. We want to reassure you that your assets on KuCoin are secure.
— KUCOIN (@kucoincom) April 24, 2023
It is unclear whether the team briefly lost access to the social media platform during the period of the breach, seeing as they first informed users of the hack through their official Telegram channel a few hours before the statement was posted to Twitter.
Screenshots shared by users show that the hackers orchestrated a phishing scam from KuCoin’s main Twitter account, directing users to a website called KuCoinEvent.com. The fake giveaway scam offered 10,000 ETH, promising 5 to 1,000 ETH in return for every 0.5 to 100 ETH sent to the scammer’s address.
think you fell victim to the Kucoin scam? pic.twitter.com/zwr5PR1Rt4
— ZachXBT (@zachxbt) April 23, 2023
KuCoin estimated that 22 transactions associated with the fake activity resulted in a loss of 22,628 USDT. The exchange is in the process of identifying and blocking the perpetrators’ addresses.
“In addition to Twitter’s existing 2FA, the KuCoin team will implement additional security measures to fortify the protection of our social media accounts. We are also conducting a thorough investigation of the incident with Twitter to prevent similar occurrences in the future,” said the KuCoin team.
Last month, hackers targeted the Twitter account of Circle’s chief strategy officer Dante Disparte in an attempt to trick users into a fake USDC airdrop.
— Jeremy Allaire (@jerallaire) March 22, 2023
Although phishing scams like this are more easily discernible, a more concerning recent development for the crypto community has been an ongoing operation that has targeted veterans in the industry, draining around $10 million from their wallets since December. The source of the exploit is still yet to be identified, but it has resulted in the loss of 5,000 ETH from users across 11 blockchains.