KuCoin Has Allegedly Given Tokens 'Volume-Boosting' Offers

Hong Kong-based cryptocurrency exchange KuCoin is at the center of a new controversy in the cryptocurrency space, as some believe some ‘volume-boosting’ offers that allegedly came from it are implying it’s engaging in wash trading.

According to an investigation carried out by The Block, KuCoin has reportedly approached some of the projects behind 16 tokens it recently delisted, asking them to pay up to $180,000 in “volume-boosting fees,” or get delisted from its platform, which has over 5 million registered users.

Per the news outlet, when cryptocurrencies fall into the bottom 18% of tokens by trading volume on KuCoin, they’re put on “Special Treatment rules.” Some of the projects behind these – specifically The Block mentions Jibrel, Publica, Unikrn, and Encrpgen – were advised to pump their trading volume to recover.

Jibrel’s COO Talal Tabbaa was quoted as saying:

We received an email saying ‘you have the ability to improve your volume or you’ll be delisted. Then they recommended market-making firms that would help us reach the minimum daily volumes they set for projects. I was honestly shocked at the requests they were making

He added that KuCoin recommended two market-making options. The exchange also allegedly reinforced that the market makers could help Jibrel’s token reach the minimum trading volume to remain listed.

The news outlet claims KuCoin confirmed an email it saw was sent from one of the exchange’s employees. Taking his offer into account, Tabbaa claimed it was “basically to do wash trading. I’m 100% sure. Whenever there’s a [volume] guarantee, you know there’s something wrong.”

Jibrel eventually turned down the offer. David Koepsell, the CEO of Encrypgen, reportedly claims the firm was also encouraged to boost trading volume through an “extensive marketing campaign.”

KuCoin reportedly pitched him an “advanced marketing package,” priced at $90,000. After he refused to pay, the organization’s token ended up being delisted. Koepsell was quoted as saying:

We found that to be pretty disingenuous. They buy a bunch and then sell a bunch at market just to get the volume.

Another project, Publica, reportedly accepted the exchange’s offer, but eventually ended the deal as the fees grew “beyond what was originally agreed.” The CEO of Unikrn, Rahul Sood, claimed KuCoin came up with “fake your volume fees,” Notably, although he refused to pay Unikrn is still listed. Per his words, they’re trying to build a legitimate business, not a “marketplace for our token.”

Wash Trading 

The CEO of Coinroutes, Dave Wiesberger, reportedly told The Block that the cryptocurrency exchange’s alleged market making offers aren’t common with traditional liquidity providers, as “providing volume [is bad].” This,as it makes it “look like there’s more interest than there is” in a specific asset.

He added:

An exchange by its definition is meant to be a neutral party. Taking the other side of trades makes a massive conflict of interest in that model. Any market making subsidiary would need to have information barriers, and [be] audited.

If KuCoin was connecting the firms to legitimate market makers, things would be different, he concluded. Market makers, in traditional finance, are intermediaries that buy or sell a specific asset, while receiving a spread for the risk taken.

Crypto analyst Sylvian Ribes told the news outlet that Chinese exchanges call market making what is, in reality, wash trading. Wash trading sees an entity trade against itself, artificially pumping volume. The practice is illegal in regulated markets.

In reality, wash trading doesn’t boost liquidity. Although it inflates trading volumes, it doesn’t create real demand for the asset. While marketing campaigns could be legitimate, it isn’t clear whether KuCoin’s offer was.

KuCoin’s Response

The Block reportedly contacted KuCoin for comment, and was told it was “pretty sure” it never offered said project marketing or volume-boosting services. Via email, its representatives allegedly suggested the emails the news outlet obtained could’ve come from fraudulent addresses.

Nevertheless, they admitted the allegations would be a problem is correct. An exchange spokesperson was quoted as saying that KuCoin would “definitely take actions to deal with behaviors that violate our company policy,” if the emails came from its staff.

Notably, the allegations come shortly after KuCoin’s KCS token went up over 13%, thanks to the platform’s 2.0 upgrade. Earlier this month, the exchange also added credit card purchases for major cryptocurrencies.

Coinbase Says Recent Zero-Day Attack Targeted Staff, Not Investors

Neil Dennis

Coinbase sought to reassure investors on Thursday over concerns that customer accounts may have been targeted in an attack that exploited a recent Firefox zero-day.

The San Francisco-based cryptocurrency exchange said that the attack, discovered on Monday, had targeted Coinbase employees and that the exchange and its customers' accounts were untouched.

Software Vulnerabilities

A zero-day is a vulnerability in computer software that can remain unknown to those who provide and use that software for several days or weeks, yet - if discovered by hackers - can provide the opportunity to exploit that weakness for mischief or profit.

Coinbase's cyber security team, led by Philip Martin, discovered the zero-day vulnerability in Mozilla's Firefox software and reported it immediately to the web browser provider, which then issued a patch to rectify the fault.

However, the zero-day event may have lasted for weeks, according to Google engineer Samuel Gross who helped develop the patch. He reported on Twitter that he had reported a bug in Firefox to Mozilla in mid-April.

Coinbase Security on the Alert

While it remains unclear how soon attackers noticed the vulnerability and how extensively the bug was exploited, Coinbase detected the attack on its staff before the hackers could dig deeper into the back-end network from where they could have stolen funds from the exchange.

Philip Martin explained on Twitter that the security team "walked back" the entire attack and reported the zero-day to Firefox. He added the team was working with other organizations to "continue burning down attacker infrastructure and digging into the attacker involved".

He continued: "We’ve seen no evidence of exploitation targeting customers. We were not the only crypto org targeted in this campaign. We are working to notify other orgs we believe were also targeted.

Martin concluded: "If you believe you have been impacted by this attack or you have more intel to share and want to collaborate with us on a response, please reach out to [email protected]"

Growing Problem

Zero-day attacks are on the increase. A 2018 survey by the Ponemon Institute called the State of Endpoint Security Risk report, said respondents reported that 37% of cyber attacks launched against their companies were zero-day events. This was a 48% increase from 2017.

Meanwhile, 63% of the survey's respondents said that the frequency of zero-day attacks had increased over the previous 12 months.