QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$1 390 000 USD
JULY 2020
SPAIN
2GETHER
DESCRIPTION OF EVENTS
"Founded in 2017, 2gether offers a cryptocurrency trading platform within the Eurozone for buying and selling without additional fees. The organization's native coin is the 2GT token, which is -- or, at least, was -- due to be issued during 2020 following a pre-sale in Spain." "2gether is a crypto trading app, in which traders and beginners buy and sell cryptocurrencies at real market price, without added fees, in just one click."
"On July 31, the trading platform was targeted by an unknown group of hackers. These hackers stole over 1.183 million Euros ($1.39M) from the service’s investment accounts in a cyberattack." The hacker "stole 114 BTC and 281 ETH" which "equates to 26.79% of overall funds." "[U]ser passwords were also compromised in the security breach, and it is recommended that users change them."
"“As you know, since last Friday July 31, we’ve been managing an extremely difficult situation which has brought us all a lot of uncertainty, caused by the hacking of a substantial part of all the cryptocurrencies available in the 2gether user accounts.” reads a security breach notification published by the company."
"In a stream of Twitter updates posted by 2together CEO Ramón Ferraz Estrada, the executive was keen to emphasize that general wallets and Euro accounts were not impacted, nor were the financial details of payment cards used to deposit funds." The CEO "pointed out that hackers did not steal the financial details of payment cards used to deposit funds."
"The company is also in the process of implementing security protocols on its platform to prevent another incident." "2together has not revealed how the security incident took place. An investigation is underway to find out how the cyberattackers managed to obtain access to the company's servers, as well as the full extent of the damage caused."
"After implementing several security measures at all levels, 2gether is in the process of hiring an independent auditor and expert in security matters to do an all-encompassing pentest of our system," Ramón Ferra, CEO at 2gether, told HackerNoon. "This will be done once every year and whenever a significant upgrade is made to the platform." "Other improvement measures include upgrading, insurance reinforcement, and increased resources on key risk management areas, including CISO, systems management, and DevOps." "The company did not share the technical details of the attack."
"The bad news is that according to the executives, the company does not have enough funds to refund its users." "As compensation for the stolen funds, the company offered customers its native 2GT token at a price equivalent to 5 cents each." "To cover the loss the team decided to use their 2GT token to reward all users. The token is valued at 5 cents, at the same price as the ICO (Initial Coin Offering), also because it is not listed anywhere and has no market value. For this reason, until it is released on the market, users only have tokens that are worthless and impossible to liquidate."
"The team sat down at a table with investors to reach an agreement, but this was not possible, as the platform does not have enough funds to cover the loss." Eventually, "2gether announced that it is taking an alternate approach to its breach. It is compensating its users to give back the cryptocurrency stolen from their accounts." ""We hope you can see these hard times and adverse events compensated soon, whether you decide to give us the vote of confidence we're asking you for or not," the team added."
"During the interview, Ferraz sent two messages: one for those awaiting the replenishment of funds and the other for those users who would be managing lawsuits. To the first group, he said that raising 1.2 million euros in a pandemic and in the midst of a difficult economic situation is “not easy at all because things take time.” The CEO mentioned that the outlook is more complicated due to the uptrend of the market."
"To the second group he said: «I am not thinking about that, I have not stolen anything from anyone, 2gether had the attack and we have assumed responsibility and we are working with the whole team to solve the problem. Anything other than to recoup losses seems to me to be time badly spent on my part. I think that is not the way for us to recover everything we have lost, my priority is not that. My priority is to be able to close the round »."
"Since the hack, 2gether CEO Ramón Ferraz Estrada said the firm had been working raising €1.2 million (US$1.5 million) to improve the company’s security and risk management, and to replenish the stolen funds." "To raise the capital to execute the plan, 2gether worked with the community, private investors, and partners to generate an equity crowdfunding round, which closed at the legal maximum of €1.5 million, 125 percent of its target." "In the end, 2gether managed to hit the regulated limit of €1.5 million, he said. The raise included voluntary conversion of some of the lost funds into shares and tokens." "The funds raised in the latest round will strengthen the company's security, risk management, and coverage model."
"Addressing customers in a Jan. 25 2021 letter, the CEO said that, due to the recent rise in the value of bitcoin (BTC, +11.87%) and ether (ETH, +26.53%), the company still cannot refund 100% of the stolen assets to 9% of users. However, roughly 5,000 users will receive full refunds of BTC and ETH that was not previously converted."
"2gether’s first move was to compensate 91 percent in the full, native crypto value that was lost at the time of the cyberattack, which is three times the value in euros that users lost at the time of the incident. For the remaining nine percent, 2gether is committed to compensating them with a package that is highly satisfactory. We are presently offering them the best compensation packages the company is able to provide, with a long-term goal of compensating the full value lost in the original cryptocurrency. We estimate that a full refund could take more time, but we always give freedom to our users to choose their best option."
"The remaining nine percent with the highest total value of crypto in their accounts are compensated with a solution that includes at least the value in euros at the time of the cyber-attack and, in most cases, exceeds that value." "Users in the nine percent cohort have two different options for compensation. They can accept 2gether's initial offer for the value of their lost assets in euros at the time of the attack or submit an appeal for a different compensation package." "Customers can choose to either accept or reject the proposal made by 2gether. If the users decide to reject the mentioned solution, the exchange asks them to give the company “more time to try recovering the total amount of funds as soon as possible.”" "[P]er a statement sent to news.Bitcoin.com, 2gether clarified that they’re “aiming to reimburse the full amount for everyone.”"
The 2gether platform refused to disclose the source of the breach of funds, which would suggest that they felt it would impact their credibility.
Typical problems are funds in the hands of one person, or stored in an online system.
The platform has made an attempt to reimburse all affected users, however they are short of the appreciation of the crypto assets, so affected users are still short by some amount.
HOW COULD THIS HAVE BEEN PREVENTED?
It is difficult to prevent an issue which cannot be identified. However, there is no documented case of an offline wallet being breached when multiple signatures of trained individuals are required to release the funds.
Crypto Hacks 2020: A Comprehensive List - ImmuneBytes (May 18)
Crypto Exchange 2gether Says It Can't Fully Reimburse 9% of Users After 2020 Hack - CoinDesk (May 24)
2gether hacked: €1.2m in cryptocurrency stolen, native tokens offered in exchange | ZDNet (May 24)
@monchoferraz Twitter (May 24)
@2gether_global Twitter (May 24)
2gether compensates for its crypto cyber-attack losses | Hacker Noon (May 24)
Hackers stole €1.2m worth of cryptocurrency from 2getherSecurity Affairs (May 24)
Spanish Crypto Exchange 2gether Won't Reimburse All Stolen Funds From the 2020 Hack – Exchanges Bitcoin News (May 24)
Crypto Exchange 2Gether Says It Can't Fully Reimburse 9% of Users After 2020 Hack (May 24)
Crypto Exchange 2gether Says It Can’t Fully Reimburse 9% of Users After 2020 Hack (May 24)
2gether loses funds due to a hack - The Cryptonomist (May 24)
"Give back the bitcoins", 2gether users ask for speed after hack - Archyde (May 24)
2Gether Disclosed a Security Breach (May 24)
CipherTrace Cryptocurrency Crime and Anti-Money Laundering Report 2020 (Jun 20)
SlowMist Hacked - SlowMist Zone (Jun 26)
