HONG KONG – MAY 14 – Following an initial forensic investigation conducted by a professional cyber security firm, Tehtri Security, the Gatecoin team can confirm that we experienced a breach of our system, and lost 15% of our crypto-asset deposits.
The breach took place between Monday, May 9, late night HKT, to Thursday evening HKT, 12 May 2016. On Monday night HKT, May 9, we experienced a disruption of our service caused by a server reboot and so far, we strongly believe that the breach is linked to this event.
On Friday night HKT, May 13, we detected some suspicious transactions and immediately suspended our services to investigate, and to prevent any more unauthorized access to the ETH and BTC hot wallets.
We have previously communicated the fact that most clients’ crypto-asset funds are stored in multi-signature cold wallets. However, the malicious external party involved in this breach, managed to alter our system so that ETH and BTC deposit transfers by-passed the multi-sig cold storage and went directly to the hot wallet during the breach period. This means that losses of ETH funds exceed the 5% limit that we imposed on our hot wallets.
Loss of Funds
In total, the hot wallet breach resulted in the loss of ETH 185,000 and BTC 250, which is equivalent to USD 2 million. This represents 15% of total crypto-asset deposits held by Gatecoin. So far, the forensic investigation has identified the wallet addresses/ transactions used by the hackers:
Ethereum Addresses:
0x04786aada9deea2150deab7b3b8911c309f5ed90
0xc062dceed93087c9112ff7b02d53e928e49cec09
0x1342a001544b8b7ae4a5d374e33114c66d78bd5f
0xd4914762f9bd566bd0882b71af5439c0476d2ff6
Bitcoin Transactions:
4a1b96b166de37860195af37b6396a0516b009536e0f332006ca61b4fab0cd08
2f41b858712149df089c21d4e1c036e0a465335c5a29be38df8e945a51e4d809
271c51ff2e6c84c565c94d79872a79d77726fccd47192b6c8f6745f7482e281a
435e0cc79372eef5f43d8d81320940165ea1a0828adab3fdb9822a17caffaf2b
d494c7ca3a03f30c121b02f558b068d3597092454ad325bc320383f070d536bc
90622fc9968b79c90a9ac26f11d13d8dd97ba5b7e9c103594873e6306f7357ea
The Gatecoin team greatly appreciates the patience of all users and stakeholders while we work with Tehtri Security to confirm all of the details related to the breach and ensure that our systems can be moved to a new, clean, thoroughly tested, and monitored infrastructure before services can resume.
A bespoke platform designed to enable all Gatecoin clients to withdraw their remaining funds in BTC, DAO, DGD, REP, USD, EUR and HKD will be released on May 28, 2016. The exact date when withdrawals for clients’ ETH funds has yet to be confirmed.
All DGD, REP and DAO funds are secure and Gatecoin has funded the DAO contracts for DAO token holders. 5% of all BTC funds were compromised in the breach, but 95% remain stored in multi-sig cold wallets along with the remaining crypto-assets.
All fiat currency funds held in USD, EUR and HKD are secured in segregated client accounts and can be withdrawn by clients after May 28, 2016.
The Gatecoin team is currently working on raising additional funding to cover the losses of BTC and ETH and hopes to be able to reimburse all customers that have experienced losses as soon as possible.
We sincerely apologize for all the concern experienced by our clients and for the inconvenience caused while clients wait for their fund withdrawals to be processed. Gatecoin would also like to express our gratitude to the community of exchanges that have very kindly volunteered to help identify the parties responsible for the stolen funds.
All future updates will be released on Twitter, Reddit and our homepage.
We would like to thank again all of our users, partners, and members of the community for the understanding and support they have expressed to us so far.
Aurélien Menant
CEO, Gatecoin
Известная криптовалютная биржа Gatecoin ушла в офлайн после атаки хакеров, в результате которой лишилась средств с части кошельков.
По словам CEO компании Аурелина Менанта, в результате инцидента биржа утратила контроль над принадлежащими ей биткоинами и токенами Ether, в то же время токены DigixDAO, Augur и проектов ДАО остаются в безопасности.
Как написал Менант в Slack, точная сумма утерянных средств пока остаётся неясной, однако речь идёт о «больших суммах». По неподтверждённым слухам, потери Gatecoin могут достигать $2 млн.
В опубликованном в Twitter заявлении Gatecoin говорится:
«Вчера вечером мы заподозрили предположительную утечку средств с наших горячих кошельков. Для минимизации дальнейших потерь мы приняли решение остановить работу биржи и в настоящий момент проводим детальное расследование причин случившегося. Вы можете быть уверенными, что мы сделаем всё возможное для установления причин инцидента и скорейшего устранения проблемы. Также мы возместим пользователям возможные потери. 95% средств пользователей держатся в холодных хранилищах с функцией мультиподписи».
В апреле Gatecoin добавила поддержку токенов Slock.it и Digix DAO, также биржа была одной из площадок, через которую пользователи могли принять участие в проводимом The Ethereum Foundation краудсейле ДАО.