Yesterday it was discovered that the Hong Kong based bitcoin and cryptocurrency exchange Gatecoin had been hacked.
Thomas Glucksmann, marketing manager from Gatecoin, told us that Gatecoin is investigating the issue and looking to fix it ASAP, specifically stating that Gatecoin “will cover for the potential losses.” Gatecoin stores 95% of users’ crypto-asset funds in multisig cold storage vaults.
In a new update published on their website today, Gatecoin says that in total the amount of cryptocurrencies that were stolen from the exchange’s hot wallets amounts to the equivalent of $2 million USD. Of that total amount, 250 BTC were stolen, which has the current value of $113,775 USD. In addition 185,000 ETH was stolen, which has the current value of $1.86 million USD.
Gatecoin has sought out the help of Tehtri Security to do a forensic investigation, who helped discover the loss of 15% of their crypto-asset deposits. The announcement went on to say that the breach took place between Monday, May 9, late night HKT, to Thursday evening HKT, 12 May 2016. On Monday night HKT, May 9, Gatecoin experienced a disruption in service caused by a server reboot and so far, they strongly believe that the breach is linked to this event. According to their report, the exchange may have been the victim of a man-in-the-middle attack. The malicious external party involved in this breach, managed to alter their system so that BTC and ETH deposit transfers bypassed the multisig cold storage and went directly to the hacker’s hot wallet during the breach period.
The announcement in full is posted below from the Gatecoin website.
HONG KONG – MAY 14 – Following an initial forensic investigation conducted by a professional cyber security firm, Tehtri Security, the Gatecoin team can confirm that we experienced a breach of our system, and lost 15% of our crypto-asset deposits.
The breach took place between Monday, May 9, late night HKT, to Thursday evening HKT, 12 May 2016. On Monday night HKT, May 9, we experienced a disruption of our service caused by a server reboot and so far, we strongly believe that the breach is linked to this event.
On Friday night HKT, May 13, we detected some suspicious transactions and immediately suspended our services to investigate, and to prevent any more unauthorized access to the ETH and BTC hot wallets.
We have previously communicated the fact that most clients’ crypto-asset funds are stored in multi-signature cold wallets. However, the malicious external party involved in this breach, managed to alter our system so that ETH and BTC deposit transfers by-passed the multi-sig cold storage and went directly to the hot wallet during the breach period. This means that losses of ETH funds exceed the 5% limit that we imposed on our hot wallets.
LOSS OF FUNDS
In total, the hot wallet breach resulted in the loss of ETH 185,000 and BTC 250, which is equivalent to USD 2 million. This represents 15% of total crypto-asset deposits held by Gatecoin. So far, the forensic investigation has identified the wallet addresses used by the hackers:
The Gatecoin team greatly appreciates the patience of all users and stakeholders while we work with Tehtri Security to confirm all of the details related to the breach and ensure that our systems can be moved to a new, clean, thoroughly tested, and monitored infrastructure before services can resume.
A bespoke platform designed to enable all Gatecoin clients to withdraw their remaining funds in BTC, DAO, DGD, REP, USD, EUR and HKD will be released on May 28, 2016. The exact date when withdrawals for clients’ ETH funds has yet to be confirmed.
All DGD, REP and DAO funds are secure and Gatecoin has funded the DAO contracts for DAO token holders. 5% of all BTC funds were compromised in the breach, but 95% remain stored in multi-sig cold wallets along with the remaining crypto-assets.
All fiat currency funds held in USD, EUR and HKD are secured in segregated client accounts and can be withdrawn by clients after May 28, 2016.
The Gatecoin team is currently working on raising additional funding to cover the losses of BTC and ETH and hopes to be able to reimburse all customers that have experienced losses as soon as possible.
We sincerely apologize for all the concern experienced by our clients and for the inconvenience caused while clients wait for their fund withdrawals to be processed. Gatecoin would also like to express our gratitude to the community of exchanges that have very kindly volunteered to help identify the parties responsible for the stolen funds.
We would like to thank again all of our users, partners, and members of the community for the understanding and support they have expressed to us so far.