Approximately 250,000 USD in assets were stolen in a security incident whose details have not been fully disclosed. According to on-chain investigator ZachXBT, the funds were quickly split and transferred to multiple KuCoin deposit addresses, which are alleged to be linked to accounts opened using purchased KYC identities, becoming a channel for criminals to "launder" money. More controversially, according to a single media source PAnews citing ZachXBT, around August 18, 2025, KuCoin did not provide clear responses through public channels but instead sent an email described as carrying legal threats to the victim who had suffered losses: when the victim tried to inquire about the whereabouts of their assets on KuCoin, they were met with lawyer-like warnings rather than a promise to assist with an investigation. With on-chain footprints pointing to a certain exchange and the known industry issue of KYC account trading in the background, this email escalated what was initially a "cold" technical incident into a direct conflict regarding platform security responsibilities and user rights, turning a simple theft story into a long-term inquiry of "who is responsible for this funding path on the chain."
250,000 USD Stolen: How the Funds Got to KuCoin
According to ZachXBT, the user's approximately 250,000 USD in assets were stolen in a security incident related to the so-called Atomic Stealer malware or the Atomic wallet. Different media outlets have described the attack tool inconsistently; some emphasize it as "Stealer"-level malware, while others vaguely point to a wallet-related security incident, which itself exposes a breakdown in the information chain: whether the user was compromised or the wallet infrastructure was breached has not been strictly clarified in the current public materials. What can be confirmed is that after discovering the asset anomaly, the victim traced back through on-chain records and gradually confirmed that these funds had ultimately flowed into the KuCoin system.
Reportedly, after leaving the victim's address, the stolen assets did not directly rush to a particular exchange account, but were first split into multiple transactions on the chain and then transferred in batches to multiple KuCoin deposit addresses. The on-chain path shows that the KuCoin accounts behind these deposit addresses are allegedly registered with purchased KYC identities rather than genuine "real-name users," which aligns with the pre-existing phenomenon of KYC account trading in the crypto industry. Current public materials have not disclosed the further flow of these funds within the KuCoin system, nor clarified where they ultimately remained, whether they were frozen or recovered, leaving the entire funding path in a vague, halfway state of ambiguity.
KYC Accounts Being Resold: Anti-Money Laundering Defenses Torn Open
When the stolen funds were funneled into these "purchased real-name accounts" on KuCoin, the issue transcended merely the sophistication of a hacker's tool. The black market for KYC accounts that has long existed in the industry turns what should be a line of defense for client identification into something that can be subleased or resold. Criminals do not need to expose their own documents; by purchasing an already approved account, they can complete steps like depositing, splitting, and withdrawing under the guise of regulatory compliance. As pointed out by ZachXBT, the KuCoin account used to receive the approximately 250,000 USD in stolen funds belongs to this type of purchased KYC identity, which makes it appear as though the platform is facing "qualified users" on-chain, when in fact it is a shadow obscured by layers of cover.
For KuCoin, such details are particularly glaring. In the past, it has been named by regulators and media for security incidents and compliance issues, and now finds itself embroiled in a money laundering controversy directly related to KYC account trading, naturally raising external doubts about its anti-money laundering processes: anti-money laundering regulations typically require exchanges to monitor suspicious transactions and cooperate with law enforcement, but there is currently no publicly available information indicating how KuCoin monitored this funding path or whether any alarms were triggered and how they responded. It is important to emphasize that the trading of KYC accounts is not an issue exclusive to one platform, but rather the result of long-term entanglements between increasing regulatory pressures and anonymity on-chain. The controversy surrounding the 250,000 USD in stolen funds flowing into KuCoin merely exposes the structural cracks within the industry regarding the black market for KYC accounts and the anti-money laundering struggle a bit more clearly.
Victim Seeks Rights but Receives Threat Letter: Trust Completely Reversed
After discovering that the stolen funds had been split and flowed into multiple KuCoin deposit addresses, the user who lost approximately 250,000 USD did not immediately direct their accusation at the anonymous "black hand" on-chain but first attempted to communicate with the platform to seek rights protection, requesting explanations regarding the flow of funds, account ownership, and the platform's actions. In a typical narrative, the trading platform should have been the "last lifeline" the victims could grasp; however, according to ZachXBT, around August 18, 2025, KuCoin sent this victim an email described as carrying legal threats. Current public materials have not disclosed the complete content of this email or the specific legal basis, but the very combination of "the platform sending a legal warning to the victim" is enough to make the originally seeking help party realize that they are no longer facing indifferent customer service but rather a potential legal adversary.
This role reversal was quickly amplified in public opinion to carry symbolic significance: when the victim sought to inquire about how funds were circulating within the platform and how KYC accounts were being traded, what greeted them was not a transparent explanation but a threatening email. According to public information, as of June 30, 2026, there is no evidence that this victim has filed a lawsuit against KuCoin or reached a settlement with them, and KuCoin has also not provided detailed explanations regarding the intention and basis of the email. In this state of suspended information, it is difficult for other potential victims and on-chain disclosers not to have concerns—once they come forward to question the platform, is it also possible they may first receive a "legal threat" email? This uncertainty itself has already formed a substantial chilling effect on the willingness to disclose and the support pathways within the industry.
ZachXBT's Intervention: How On-Chain Tracking Changes the Game
In this case of the 250,000 USD theft, what truly changed the situation was the appearance of ZachXBT. As a well-known on-chain investigator who has been tracking crypto scams, thefts, and money laundering paths, he has already formed a sort of "public prosecutor" image within the community. This time, he highlighted through public channels how the stolen funds were split, how they flowed into multiple KuCoin deposit addresses, and that these addresses were allegedly tied to purchased KYC accounts, thereby elevating what originally existed only in customer service tickets and email exchanges to a verifiable and publicly accessible transparent stage on-chain.
Multiple media outlets, when reporting on this incident, directly quoted his accusations against KuCoin and the relevant funding paths, transforming it from an isolated dispute between "a user and a platform" into an upgraded industry topic surrounding anti-money laundering capabilities, KYC enforcement intensity, and the platform's attitude toward victims. For the exchange, the adversaries in the game also changed: they now face not just the demands of individual users, but the compounded pressure from on-chain evidence, on-chain investigators, and the public discourse intertwined. In light of the lack of public regulatory responses and the absence of official explanations, ZachXBT's disclosures have given every step the platform takes a demonstrative effect—this time, he used on-chain tracing to turn a controversial email into a mirror reflecting the entire industry's treatment of victims and disclosers.
Exchange Security Red Lines: Will There Be Fewer Incidents Next Time?
This incident overlays two already sensitive lines of inquiry: on one side, the stolen funds were split and transferred into multiple KuCoin deposit addresses, allegedly completed "on-ramp" through purchased KYC accounts, exposing the platform's vulnerabilities in KYC black market dealings and anti-money laundering enforcement; on the other side, ZachXBT stated that KuCoin sent a legally threatening email to the victim, converting what should have been a protective compliance and risk control into a risk that must be guarded against in the victim's rights protection efforts. Trading in KYC accounts and on-chain theft laundering is no longer an isolated case, but when the platform is questioned for wavering between aiding money laundering and suppressing victims, the depleted trust is not limited to a single brand; rather, it affects the entire centralized exchange model. As of June 30, 2026, there has been no clear public statement from regulators, nor has KuCoin provided a detailed rectification report. What remains to be observed next is whether the platform will complete the timeline of the incident and the results of its handling, whether regulators will choose to intervene to define the situation, and whether the industry will introduce stricter governance arrangements regarding KYC processes, suspicious account freezing, and responses to victims; until these variables are settled, whether the next similar incident will be fewer remains an unanswered question.
Join our community to discuss and become stronger together!
AiCoin Exclusive Hyperliquid Benefits: https://app.hyperliquid.xyz/join/AICOIN88
AiCoin Exclusive Aster Benefits: https://www.asterdex.com/zh-CN/referral/9C50e2
On-Chain Telegram Community: https://t.me/AiCoinWhaleData
On-Chain Community: https://www.aicoin.com/link/chat?cid=N6OVMor5g
AiCoin On-Chain Twitter: https://x.com/aicoinwhaledata
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
