In what’s been a pivotal past few weeks for those following the growth of The DAO’s token sale and the rise of the price and market cap of ETH, hackers have struck at what seems like the worst possible time for Hong Kong based crypto-asset exchange, Gatecoin. According to a statement released by the team at Gatecoin on the front page of their website, the entire Gatecoin exchange operations will be shut down until at least May 28th for investigation, re-building and inspection of the system.
According to initial investigations into the incident by cyber security firm Tehtri Security, the breach began on May 9 and lasted until May 12. Gatecoin became aware of suspicious transactions happening on their system on May 13. At the beginning of the same week, there had been a server reboot which caused some downtime on the front end of Gatecoin for a few hours. All transactions both in and out of Gatecoin were immediately halted when the suspicious activity was noticed and has been locked down since then.
Contrary to early reports, the damage done was significant, as Gatecoin had initially told customers that only a small amount of customer funds were kept in hot wallets and the large majority of the rest were supposed to have been kept in encrypted cold storage. Further investigation revealed that the hackers who had gained access to the Gatecoin system were able to bypass existing measures to allocate funds to the cold storage and sent many more funds to the hot wallet than should have been originally possible.
In total, 15 percent of Gatecoin’s crypto-asset deposits have been stolen, equalling about $2 million USD. They’ve been able to identify the ETH and BTC wallets which were used by the hackers and are working with the cyber security firm and members of the community in attempting to track down the hackers and lost funds. According to the website, “In total, the hot wallet breach resulted in the loss of ETH 185,000 and BTC 250, which is equivalent to USD 2 million. This represents 15% of total crypto-asset deposits held by Gatecoin.”
CEO of Gatecoin Aurélien Menant stated that there would be a website portal established for users to withdraw remaining funds by May 28th at the earliest. It’s still unclear to users whose funds are missing and whose are not. However, in a tweet from the official Gatecoin Twitter account, users can expect about 90% of ETH to be missing and 5% of BTC to be gone, respectively from each user’s account as of right now. The company plans to reimburse users for their losses as well; however, they have not posted details about how this process will take place yet.
Being one of the few cryptocurrency exchanges that offers the purchase and trading of various Ethereum-based tokens, Gatecoin has stated that all of the tokens and IOU’s issued in their system have been secured and there have been no losses in that regard. All fiat deposits have also been secured as they were in separate storage from the cryptocurrencies when the breach occurred. Updates from Gatecoin should appear on their website’s main page over the coming weeks as more details are released, as well as on their social media accounts on Twitter and Reddit.
Gatecoin isn’t the first cryptocurrency exchange to be hacked; throughout 2015 and 2016, a number of other high-profile services have been targeted by hackers. Most recently, Shapeshift.io has bounced back remarkably well from a malicious breach of their systems, garnering praise for their open and frequent updates on the situation. It appears Gatecoin is attempting to follow suit by being as open and transparent as possible as they work to remedy this matter.
Disclosure: The author of this article currently has financial assets locked within the Gatecoin exchange.