Cryptocurrency Exchange Gatecoin confirms that lost $2 Mln in Hot Wallet Breach 

Gatecoin, the Hong Kong-based regulated and secure financial institution for blockchain assets has issued an official statement regarding the breach the firm experienced and lost 15% of our crypto-asset deposits.

Below is the Gatecoin statement as it was published:

“Following an initial forensic investigation conducted by a professional cyber security firm, Tehtri Security, the Gatecoin team can confirm that we experienced a breach of our system, and lost 15% of our crypto-asset deposits.

The breach took place between Monday, May 9, late night HKT, to Thursday evening HKT, May 12, 2016. On Monday night HKT, May 9, we experienced a disruption of our service caused by a server reboot and so far, we strongly believe that the breach is linked to this event.

On Friday night HKT, May 13, we detected some suspicious transactions and immediately suspended our services to investigate, and to prevent any more unauthorized access to the ETH and BTC hot wallets.

We have previously communicated the fact that most clients’ crypto-asset funds are stored in multi-signature cold wallets. However, the malicious external party involved in this breach, managed to alter our system so that ETH deposit transfers by-passed the multi-sig cold storage and went directly to the hot wallet during the breach period. This means that losses of ETH funds exceed the 5% limit that we imposed on our hot wallets.

Loss of Funds

In total, the hot wallet breach resulted in the loss of ETH 185,000 and BTC 250, which is equivalent to USD 2 million. This represents 15% of total crypto-asset deposits held by Gatecoin. So far, the forensic investigation has identified the wallet addresses used by the hackers:

Ethereum Addresses:

• 0x04786aada9deea2150deab7b3b8911c309f5ed90
• 0xc062dceed93087c9112ff7b02d53e928e49cec09
• 0x1342a001544b8b7ae4a5d374e33114c66d78bd5f
• 0xd4914762f9bd566bd0882b71af5439c0476d2ff6

Bitcoin Transactions:

• 4a1b96b166de37860195af37b6396a0516b009536e0f332006ca61b4fab0cd08
• 2f41b858712149df089c21d4e1c036e0a465335c5a29be38df8e945a51e4d809
• 271c51ff2e6c84c565c94d79872a79d77726fccd47192b6c8f6745f7482e281a
• 435e0cc79372eef5f43d8d81320940165ea1a0828adab3fdb9822a17caffaf2b
• d494c7ca3a03f30c121b02f558b068d3597092454ad325bc320383f070d536bc
• 90622fc9968b79c90a9ac26f11d13d8dd97ba5b7e9c103594873e6306f7357ea

The Gatecoin team greatly appreciates the patience of all users and stakeholders while we work with Tehtri Security to confirm all of the details related to the breach and ensure that our systems can be moved to a new, clean, thoroughly tested, and monitored infrastructure before services can resume.

A bespoke platform designed to enable all Gatecoin clients to withdraw their remaining funds in DAO, DGD, REP, USD, EUR and HKD will be released on May 28, 2016. The exact date when withdrawals for clients’ ETH and BTC funds will be available has yet to be confirmed.

All DGD, REP and DAO funds are secure and Gatecoin has funded the DAO contracts for DAO token holders. 5% of all BTC funds were compromised in the breach, but 95% remain stored in multi-sig cold wallets along with the remaining crypto-assets.

All fiat currency funds held in USD, EUR and HKD are secured in segregated client accounts and can be withdrawn by clients after May 28, 2016.

The Gatecoin team is currently working on raising additional funding to cover the losses of BTC and ETH and hopes to be able to reimburse all customers that have experienced losses as soon as possible.

We sincerely apologize for all the concern experienced by our clients and for the inconvenience caused while clients wait for their fund withdrawals to be processed. Gatecoin would also like to express our gratitude to the community of exchanges that have very kindly volunteered to help identify the parties responsible for the stolen funds.”

Source: Gatecoin

---