Kucoin Boss on Strategy After Hack: ‘We Chose to Act’
Kucoin, one of the leading crypto exchanges, suffered a hacking incident in 2020 where over $250 million was stolen. However, immediately after the hacking was reported, Kucoin began cooperating with various players from the crypto industry. This cooperation ultimately led to the recovery of a large chunk of the stolen funds.
Kucoin’s Recovery From Attack
It is now close to a year since the hack, yet Kucoin remains one of the leading crypto exchanges in the world and one that is favored by many users in Africa. Kucoin’s quick recovery from the incident can be attributed to many factors. To learn more about this Kucoin experience, Bitcoin.com News recently reached out to the exchange’s CEO, Johnny Lyu.
Below are Lyu’s responses to questions sent to him via Linkedin.
Bitcoin.com News (BCN): It is getting close to a year since hackers stole from your exchange but as has been widely reported, most of the stolen funds were recovered. So can you now confirm how much was actually stolen and how much has been recovered?
Johnny Lyu (JL): We value our users, so we always exert extra effort to make them feel comfortable with us. We also understand how terrible it is to lose your funds as a result of an attack. That is why we worked hard to recover 84% of the stolen funds, and covered the remaining part with our own funds, resulting in no user suffering any loss in the incident.
This was made possible thanks to the well-coordinated work of all our departments, 24/7 cooperation with other exchanges and projects. The Safeguard Program we had developed for supporting institutions and users affected by security incidents initiative has proven to be effective in making the process as quick as possible.
BCN: How has the hacking incident affected Kucoin?
JL: To be honest, when the incident broke out, our team experienced a short period of low tide and many members fell into self-doubt. However, with the support and encouragement of our partners and users, we quickly changed our attitude and began to face it bravely and actively. Now we have fully recovered from the incident and our safety level has been greatly improved.
When I look back at the incident again today, I see it more as a learning opportunity, which lets us find the existing problems of Kucoin. As the incident broke out, we were able to respond before it developed to be too difficult to solve.
After the incident, I could say that we started paying more attention to security, but that would mean we had not paid enough attention before. We monitor exchange security very carefully. The competition between crypto exchange security technologies and the hackers’ tools never stops, so it is important to be prepared to solve problems both technically and financially if an attack takes place. Right after the incident, we upgraded Kucoin’s entire security system across web, app and API protocols to ensure transaction security in the following activities. This is the most important thing that makes an exchange reliable.
In addition, the incident also motivated us to think thoroughly regarding how Kucoin can stand out in the industry in the long term. Which guided us to improve our system’s capabilities and our team’s competence. Luckily, the recent bull run started soon after the incident, and we are more well prepared for it than most competitors. And now, Kucoin does not only survive this incident, we are already one of the top 5 crypto exchanges.
BCN: Can you briefly explain what the Safeguard Program is really about?
JL: Projects facing security problems for the first time may be confused and their partners may not know how to help them. Therefore, it is very important to share the experience with other industry players in resolving security incidents.
Together with our partners, we have accumulated valuable knowledge on how to act in force majeure situations, developing regulations and protocols that increase the effectiveness of the measures taken both for the prevention and the elimination of the consequences.
At the same time, we developed both operational protocols that are executed in the first hours, and strategic ones, which do not require immediate reaction. Thus, we know what to do in the first hours after the attack and what to do in the months after it happened to ensure ultimate protection and stability.
The Safeguard Program is a unique solution in this regard that allows crypto exchanges to quickly and jointly eliminate the damage caused in the event of a hacker attack. We believe that in the future, projects and users will likely be able to come to a consensus on resolving issues around the security of funds in the case of force-majeure situations.
BCN: After the hacking incident, we witnessed an unprecedented level of cooperation between your exchange and many other stakeholders, which of course led to the recovery of some funds. In your view, is it a good thing for the crypto world to have certain organizations that have the ability to freeze or censor certain crypto transactions?
JL: The availability of the tools necessary for verifying transactions in the hands of authorized organizations acting in accordance with the laws of a particular jurisdiction is a prerequisite for the development of cryptocurrencies and the suppression of illegal activities. It is also necessary to avoid excessive rigor so that law-abiding users do not suffer from such tools, because such norms are needed to protect them, and not to limit their rights.
When it comes to such force majeure situations like a hacker attack on an exchange, it is obvious that the time for making a decision is very limited and, sometimes, you have to choose the lesser of two evils. First of all, we must think about the end result – the safety of our users’ funds. Did we have any other choice?
The question becomes especially acute when considering the matter of the urgency required in situations where there are large amounts of money at stake. Both our team and many projects affected were faced with a choice: act or lose control of a significant part of their funds. We chose to act.
I know that most of the users supported the chosen action plan, but there were also those dissatisfied with the measures taken. Still, those measures effectively blacklisted the hackers’ stash of stolen tokens and helped users get their funds back — a step unprecedented for the industry.
And if the community could go back and choose the same tactics when Mt Gox was hacked, we would have been able to avoid some catastrophic consequences for the entire crypto world. (And if we could have opted for some of the same tactics after other attacks, then the attacks themselves would have disappeared as a phenomenon due to their uselessness.)
This is always a dilemma, where on one side of the scale are the users’ funds, and on the other is the philosophy of cryptocurrencies. Being financially unaffected, it is easy to choose the second plate, but it is unlikely that many would agree to sacrifice their funds for the freedom of others. Beyond all the arguments, I agree with the statement that All is Well that Ends Well.
BCN: What other safeguards have you put in place to ensure that similar incidents do not occur?
JL: Since the establishment of Kucoin, we have always attached great importance to security, but this incident warned us once again: pursuing security is a life-long journey. We have re-architected a new security system from the following three aspects:
The Entire Security System Upgrade: A more powerful risk control system has been added to the three access systems of WEB, APP, and API to ensure the safety of users’ accounts and assets.
Network Security Architecture System Upgrade: Deploy network security measures in strict accordance with financial-level security compliance requirements. At the same time, we have been in contact with one Big Four accounting firm and will obtain its security standard certification.
Security Team Restructure: We have rebuilt the Kucoin security team and reached close cooperation with top security and anti-APT agencies. At the same time, we will set up the Kucoin Information Security Emergency Response Center which will operate in an open and transparent manner. The center will make the most powerful, rapid and effective response to the industry’s future security challenges. Beyond the protection of traditional network security, we also strengthened the blockchain security in multiple perspectives.
In the future, we will continue to increase our investment in security, and the experience gained from this incident will enable us to quickly advise and support other industry partners in the event of a security crisis in the future. Blockchain is still in its early stages of development, and the industry can only grow when we work together.
BCN: Turning to your clientele, which region/continent accounts for most of your business?
JL: Kucoin is a global crypto exchange and has grown into one of the most popular crypto exchanges since 2017. As a people’s exchange, every region is significant for us. As you can see, Kucoin has established 19 local communities in North America, Europe, SEA, Africa, etc. Our 8 million users are located all over the world.
Every region is a key market for Kucoin. We are committed to providing highly localized services to our users in different regions while exploring new markets which are short of crypto-related services but have huge development potential.
BCN: How much does Africa contribute as a percentage of total traded volumes?
JL: African users have always been an important part of our global user map. The latest data shows that the African crypto market ushered in a major outbreak in the second quarter of 2021. The trading volumes contributed by our African users increased by 20 times in the second quarter of 2021 compared to the same period of last quarter. Correspondingly, we have also launched highly localized services for African users at a very early stage.
Kucoin is one of the first exchanges to establish an exclusive Arab community to provide localized services for Arabic language users in more than a dozen African countries and regions. In 2021, we established an exclusive Nigerian community, which lights up the African continent of our global user map.
BCN: Why do you think people in Africa favor Asian crypto exchanges like yours?
JL: Today, Africa is leading in terms of population growth, surpassing China more than fivefold in 2020. The continent is also booming in terms of cryptocurrency adoption, according to the 2020 report by Chainalysis. The increase in volumes of cryptocurrencies across Africa has also seen P2P volumes from Sub-Saharan Africa overtake Latin America for the first time.
There are several reasons for such rapid growth — a large share of the unbanked population, high levels of inflation, and poverty in the region, which are pushing people to search for alternative financial instruments, such as cryptocurrencies.
In the future, Africa will become the most densely populated continent on the planet. It is quite natural that traders and investors from Africa are now choosing financial products developed in another densely populated and more technologically advanced part of the world — Asia.
Plus, a large audience and high competition in the Asian region forces cryptocurrency exchanges to provide users with the highest quality services, which is why people from many countries prefer exchanges like Kucoin.
Kucoin started in Asia but in the long run, we don’t want to be seen as an Asian exchange. We are committed to serving users all around the world.
BCN: In 2020, you launched your P2P trade for the Nigerian market. Do you still have this going on given that Nigeria essentially banned naira-to-crypto trades?
JL: I noticed that the Central Bank of Nigeria announced a ban to local financial institutions on cryptocurrency purchase and trading in the country earlier this year. We have been paying close attention to this to ensure our services are following local policies.
BCN: Is Kucoin fully regulated in places where it operates?
JL: Kucoin is a crypto exchange registered in Seychelles. All of our activities are in compliance with local regulations. We are also actively seeking licenses in many markets, so as to offer a wider range of services to local users.
BCN: Where do you expect to see your traded volumes growing in the next few years and why?
JL: Developing financial derivatives is a key direction for Kucoin in the next few years. We are committed to developing and optimizing products for people with different risk preferences. For example, we have launched Trading Bot, a free intelligent trading tool providing efficiency, convenience, and powerful strategies to cryptocurrency traders, especially for novices who have little trading experience but can help them quickly get to know the crypto world.
For investors with a higher risk appetite, we are constantly optimizing services provided by Kucoin Futures. This August is also the 2nd anniversary of Kucoin Futures. Looking back on our first day, from the initial launch in August 2019, Kucoin Futures has become one of the top 10 global Futures trading platforms today.
Currently, we support contract products of 60+ cryptocurrencies. The transaction is available on both web and app to meet the different needs of traders. The total number of registered Kucoin Futures users has exceeded three million. These are the best proof to show us a way for better development in the future.
What are your thoughts on this interview? You can share your views in the comments section below.