KuCoin Security Breach
KuCoin exchange communicated a security breach and outflow of funds from September 26, 2020 at 03:05:37 (UTC+8). These outflows included DIA tokens.
The Situation
The breach that occurred in the night from Friday September 25 to Saturday September 26, included DIA tokens. In total around $150M+ worth of funds in tokens from more than 100 projects was moved to an external address. The impact on DIA token holders is limited to the tokens which were held by KuCoin.
Wednesday, September 30
We want to begin this update by expressing our gratitude for the enormous support that our community has shown in this situation generally as well as for our decision to stay true to decentralisation and not fork. This was a strenuous time for all parties involved, but we emerged stronger than before.
The hackers have liquidated all DIA tokens. We are happy to see that $DIA remained strong, despite massive sell orders on low liquidity decentralised markets from the hacker’s wallet. In the meantime we continue to converse with KuCoin about the details of their reimbursement plan. As the exchange is currently dealing with over 100 projects, this may take a few days.
We have decided to take action to mitigate the adverse market effects on the value of our community’s holdings. To do so we will distribute an amount of tokens corresponding to the amount that was stolen among token holders that align with us on a long term commitment.
All wallets that hold DIA (excluding the DIA Association, DIA team and the hackers’ wallets) during the time between September 25 2020, 12pm CEST and December 10, 2020, 12pm CEST (also temporarily) are eligible to receive a proportionate share. The amount will be based on the average holdings during that period.
Further details about the allocation will be communicated soon.
Monday, Sep 28
Following KuCoin’s security breach, the team has been evaluating all options to respond to the situation including a hard fork of the DIA token smart contract, as a handful of the affected projects decided to do.
As true believers in decentralisation, DIA Association has consciously not embedded a freeze or burn function into our smart contract, as this would essentially mean that the project team have ultimate control over the project, which stands in direct conflict with our conviction. This is a key difference to other projects who have embedded a freeze/pause function into their contract, which effectively concentrates power over the contract around the team.
From DIA Association’s perspective, a hard token fork would be particularly disadvantageous:
- The decentral stakeholders of DIA tokens would have been unfairly disadvantaged, favouring the mitigation of a centralised 3rd party breach.
- The deployment of new DIA tokens would largely have relied on the trust of centralised exchanges to allocate tokens correctly.
- A fork would have resulted in two competing DIA tokens.
Considering these factors, we believe that this decision would not be in line with the promise of decentralisation that was made to our community.
We are currently in discussions with KuCoin to receive full transparency on the insurance and claim management for the impacted token holders as well as to support KuCoin with the acquisition of DIA tokens in the market to redistribute accordingly. In addition, the team is working on proposals for a community vote to mitigate the adverse effects of this situation.
Thank you for your continued support. We will keep you updated with new developments.
Sunday, Sep 27
We continue liaison with team KuCoin about the situation regarding Friday’s security breach and details about KuCoin’s insurance coverage process. In addition, we are in direct conversation with many of the other affected projects to make sure that a coordinated course of action is taken.
We understand the need for transparency and information for all affected communities. Rest assured that we are addressing the situation with the attention and diligence it demands. We hear your concerns and suggestions and are actively pushing to retrieve all relevant input required to make an informed and prudent decision on the best course of action.
We will keep you updated on this post and in our Telegram and Twitter channels. Thank you for your trust and support!
Saturday Sep 26
We are in contact with KuCoin and monitoring the situation closely. Deposits and withdrawals on KuCoin are temporarily suspended while the team further investigates. KuCoin CEO Lyu has issued a statement and held a livestream (recap), communicating that all user funds are covered by insurance.
All other centralised exchanges have been contacted and asked to blacklist / restrict all known wallets associated with the outflow from activity. We have also advised Uniswap pool providers to reduce their pools for the time being until we have more transparency on the situation. We further advise joining the relevant KuCoin channels or contact support chat to keep informed and receive support on whether you are affected in any way:
- KuCoin Twitter
- KuCoin Telegram group
- KuCoin News Page
- KuCoin support chat (Long wait times are highly likely)
Further updates will be shared as more information becomes available.
