Gatecoin Hack: Difference between revisions

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
(Confirmed all sources are already in the wiki page. Integrated additional information from the Reddit official announcement. Integrating CoinTelegraph and SCMP articles on banking freeze.)
(30 minutes. Improved the about section and completed a promotion on Twitter.)
 
(8 intermediate revisions by the same user not shown)
Line 1: Line 1:
{{Case Study Under Construction}}{{Unattributed Sources}}
{{Case Study Under Construction}}{{Unattributed Sources}}[[File:Gatecoin.jpg|thumb|Gatecoin Homepage/Logo]]


Gatecoin was one of the first regulated digital asset exchanges. This didn’t stop the hack of 185,000 ETH and 250 BTC. According to a forensic analysis, the exchange may have been the victim of a man-in-the-middle attack. The malicious external party involved in this breach managed to alter their system so that BTC and ETH deposit transfers bypassed the multisig cold storage and went directly to the hacker’s wallet during the breach period. The company fired their CTO, managed to raise $500k in order to reopen, and ultimately repaid all customers. They were saved by maintaining large cold wallet reserves which appear to have been properly stored, and appear to have dealt with the issue transparently. Having hot wallet insurance would have further assisted with the recovery; however a system like Proof of Reserves or an automated alert system could have allowed the issue to be noted sooner.
Gatecoin was one of the first regulated digital asset exchanges. This didn’t stop the hack of 185,000 ETH and 250 BTC. According to a forensic analysis, the exchange may have been the victim of a man-in-the-middle attack. The malicious external party involved in this breach managed to alter their system so that BTC and ETH deposit transfers bypassed the multisig cold storage and went directly to the hacker’s wallet during the breach period. The company fired their CTO, managed to raise $500k in order to reopen, and ultimately repaid all customers. They were saved by maintaining large cold wallet reserves which appear to have been properly stored, and appear to have dealt with the issue transparently. Having hot wallet insurance would have further assisted with the recovery. A system like Proof of Reserves or an automated alert system could have allowed the issue to be noted sooner.


This exchange or platform is based in Hong Kong, or the incident targeted people primarily in Hong Kong.<ref>https://cointelegraph.com/news/gatecoin-launches-bitcoin-exchange-with-segregated-bank-accounts</ref><ref>https://gatecoin.com/</ref><ref>https://www.bloomberg.com/news/articles/2019-03-03/why-crypto-companies-still-can-t-open-checking-accounts</ref><ref>https://www.reddit.com/r/gatecoin/comments/b0pe1i/gatecoin_liquidated/</ref><ref>https://www.coindesk.com/markets/2016/05/13/digital-currency-exchange-gatecoin-offline-after-loss-of-funds/</ref><ref>https://twitter.com/Gatecoin/status/732136409650208768</ref><ref>https://np.reddit.com/r/ethereum/comments/4oxog1/gatecoins_hacked_ether_addresses_are_known_do_we/</ref>
This exchange or platform is based in Hong Kong, or the incident targeted people primarily in Hong Kong.<ref>https://twitter.com/search?q=(from%3AGatecoin)%20until%3A2016-06-01%20since%3A2016-05-06&src=typed_query</ref>


== About Gatecoin ==
== About Gatecoin ==
Established in 2013 in Hong Kong, Gatecoin primarily focused on Bitcoin and Ethereum markets<ref name="thenextweb-16" />.
Established in 2013 by individuals with backgrounds in investment banking including Aurelien Menant<ref name=":23">[https://unblock.net/gatecoin-review/ Gatecoin Review - Unblock.net] (Accessed Apr 26, 2024)</ref>, Gatecoin operated as a regulated exchange<ref name=":21">[https://www.fintastico.com/services/digital-currencies/gatecoin/ Gatecoin: A regulated bitcoin and ethereum token exchange - Fintastico] (Accessed Apr 26, 2024)</ref> primarily focused on Bitcoin and Ethereum markets<ref name="thenextweb-16" />. The platform aimed to offer a user-friendly experience facilitating trading and investment in cryptocurrency and blockchain assets for individuals and institutions worldwide<ref name=":21">[https://www.fintastico.com/services/digital-currencies/gatecoin/ Gatecoin: A regulated bitcoin and ethereum token exchange - Fintastico] (Accessed Apr 26, 2024)</ref>. Their proprietary trading platform prioritized security, reliability, and cost-effective transfers<ref name=":22">[https://www.sideprojectors.com/project/2541/gatecoin-exchange Gatecoin Exchange - SideProjectors] (Accessed Apr 26, 2024)</ref>.  The exchange platform facilitated seamless trading with BTC/USD, BTC/EURO, and BTC/HKD trading pairs<ref name=":22" />.


Aurélien Menant was the current CEO at the time of the incident<ref name=":0">[https://old.reddit.com/r/gatecoin/comments/4jb1la/official_statement_regarding_gatecoin_hot_wallet/ OFFICIAL STATEMENT REGARDING GATECOIN HOT WALLET BREACH - Reddit] (Accessed Apr 2, 2024)</ref>.
The platform promises deep liquidity through a market maker rebate program and features an instant buy/sell option for seamless currency swaps<ref name=":10">[https://web.archive.org/web/20160505123951/https://gatecoin.com/ Gatecoin Homepage Archive May 5th, 2016 6:39:51 AM MDT] (Accessed Apr 18, 2024)</ref>. The exchange allows users to trade Bitcoin against USD, Euro, and HKD, with plans to integrate Ripple into its platform soon<ref name=":12">[https://cointelegraph.com/news/gatecoin-launches-bitcoin-exchange-with-segregated-bank-accounts Gatecoin Launches Bitcoin Exchange with ‘Segregated Bank Accounts’ - CoinTelegraph]</ref>. Users can easily buy and sell bitcoin, ether (Ethereum), and DAO tokens worldwide with various fiat currencies, benefiting from public live-data streaming, a fully documented REST API, and dedicated customer support<ref name=":10" />. The exchange's trading system is decentralized, modular, scalable, and highly secured, employing bank-grade security procedures and segregated client accounts<ref name=":10" />. Moreover, Gatecoin offers a smart and mobile-optimized interface for intuitive trading experiences, continually enhancing its platform for user convenience and efficiency<ref name=":10" />.
 
Gatecoin Exchange was the sole regulated bitcoin exchange operating in Hong Kong<ref name=":10" />, catering to traders globally<ref name=":22" />. Gatecoin emphasized compliance and transparency, boasting KYC and AML processes supported by a major compliance solutions provider<ref name=":10" />. As a licensed Hong Kong Money Service Operator (MSO), they upheld stringent KYC & AML compliance measures<ref name=":21">[https://www.fintastico.com/services/digital-currencies/gatecoin/ Gatecoin: A regulated bitcoin and ethereum token exchange - Fintastico] (Accessed Apr 26, 2024)</ref>. Additionally, leveraging their international payments network, they provided fiat currency transfers in HKD, EUR, USD, and AUD<ref name=":21">[https://www.fintastico.com/services/digital-currencies/gatecoin/ Gatecoin: A regulated bitcoin and ethereum token exchange - Fintastico] (Accessed Apr 26, 2024)</ref>.
 
Aurélien Menant was the CEO of Gatecoin through 2015 and 2016<ref name=":0">[https://old.reddit.com/r/gatecoin/comments/4jb1la/official_statement_regarding_gatecoin_hot_wallet/ OFFICIAL STATEMENT REGARDING GATECOIN HOT WALLET BREACH - Reddit] (Accessed Apr 2, 2024)</ref>. In 2015, Gatecoin launched a new Bitcoin exchange which featured robust security measures<ref name=":12" />. Looking ahead from 2015, Gatecoin expressed aims to expand its business to the US and Europe, focusing on obtaining the necessary licenses and developing innovative digital currency trading services and payment methods to enhance user experience<ref name=":12" />. Gatecoin planned the introduction of a white-labeled debit card that could be reloaded instantly online using bitcoins, providing users with a convenient way to spend their digital currency worldwide without incurring foreign transaction fees<ref name=":12" />. Gatecoin has expanded to include Litecoin and Tezor, as well as hosting tokens of decentralized applications (dApps) built on the Ethereum blockchain<ref name=":23" />.
 
On the new platform, user funds were protected by segregated client bank accounts safeguarding cash deposits across over 40 countries<ref name=":22" />, ensuring that clients' funds were kept separate from operational expenses, minimizing counterparty risks<ref name=":12">[https://cointelegraph.com/news/gatecoin-launches-bitcoin-exchange-with-segregated-bank-accounts Gatecoin Launches Bitcoin Exchange with ‘Segregated Bank Accounts’ - CoinTelegraph]</ref>. These measures also included multi-signature cold storageand continuous monitoring by an external IT security firm<ref name=":12">[https://cointelegraph.com/news/gatecoin-launches-bitcoin-exchange-with-segregated-bank-accounts Gatecoin Launches Bitcoin Exchange with ‘Segregated Bank Accounts’ - CoinTelegraph]</ref>. The company emphasized its commitment to regulatory compliance, operating under a Hong Kong Money Service Operator license and adhering to AML/KYC rules<ref name=":12">[https://cointelegraph.com/news/gatecoin-launches-bitcoin-exchange-with-segregated-bank-accounts Gatecoin Launches Bitcoin Exchange with ‘Segregated Bank Accounts’ - CoinTelegraph]</ref>.
 
Despite limited customer support options and a niche focus on Ethereum-based markets, Gatecoin's stringent compliance and security standards make it appealing to traditional investors seeking a regulated exchange<ref name=":23">[https://unblock.net/gatecoin-review/ Gatecoin Review - Unblock.net] (Accessed Apr 26, 2024)</ref>. However, those prioritizing privacy and anonymity may find Gatecoin less suitable. Overall, Gatecoin received a rating of 3.5 out of 5 from Unblock.net<ref name=":23">[https://unblock.net/gatecoin-review/ Gatecoin Review - Unblock.net] (Accessed Apr 26, 2024)</ref>.
 
Screenshot:<ref>[https://miro.medium.com/v2/resize:fit:1358/1*MsRI5z4k2Qsu9PFgXuQckQ.png Screenshot Of Gatecoin Interface] (Accessed Apr 26, 2024)</ref>


== The Reality ==
== The Reality ==
Gatecoin was not monitoring their balance integrity on an ongoing basis, and was unaware of an intrusion into their system.
The Gatecoin server infrastructure was insecure against outside vulnerabilities. It would also appear that Gatecoin was not monitoring their balance integrity on an ongoing basis, and was unaware of an intrusion into their system for several days at the time.


== What Happened ==
== What Happened ==
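Review bot: In "The Reality", the new sentence "The Gatecoin server infrastructure was insecure against outside vulnerabilities" is vague and carries no reference, on a page already tagged {{Unattributed Sources}}. Suggest stating what the lead paragraph already reports (the system was altered so that BTC and ETH deposits bypassed the multisig cold storage) and citing the official statement for it; "for several days at the time" can simply read "for several days". In the expanded About section, "cold storageand" is missing a space, and the named references :12, :21 and :23 are written out in full several times where the short self-closing form used for "thenextweb-16" would do.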
Line 20: Line 30:
!Event
!Event
!Description
!Description
|-
|January 30th, 2015 4:10:26 AM MST
|Segregated Bank Account Launch
|CoinTelegraph announces that Hong-Kong based Gatecoin Limited has launched a new Bitcoin exchange with stringent security measures, including segregated client bank accounts, multi-signature cold storage, and continuous monitoring and audit by an external IT security firm<ref name=":12" />. Segregated bank accounts ensure that clients' funds are kept separate from operational expenses, minimizing counterparty risks. Gatecoin CEO Aurélien Menant emphasized the rarity of this practice in the crypto space, stating that it dramatically reduces risks for clients<ref name=":12" />. The company, operating with a Hong Kong Money Service Operator license and complying with AML/KYC rules, has secured a unique banking structure due to its regulatory compliance<ref name=":12" />. Gatecoin offers trading in Bitcoin against USD, Euro, and HKD, with plans to integrate Ripple into its platform soon. Additionally, it is introducing a white-labeled debit card, usable worldwide without foreign transaction fees, reloadable with bitcoins online instantly<ref name=":12" />. Gatecoin aims to expand its services to the US and Europe, focusing on obtaining necessary licenses and developing innovative trading services and payment methods to enhance customer experience<ref name=":12" />.
|-
|May 9th, 2016 1:38:25 AM MDT
|Bitcoin Transaction
|One of the bitcoin transactions involved in the theft for 12 BTC<ref name=":4">[https://www.blockchain.com/explorer/transactions/btc/d494c7ca3a03f30c121b02f558b068d3597092454ad325bc320383f070d536bc Theft Transaction Of 12 BTC - Blockchain.com] (Accessed Apr 17, 2024)</ref>.
|-
|May 9th, 2016 4:01:19 AM MDT
|Bitcoin Transaction
|One of the bitcoin transactions involved in the theft for 1 BTC<ref name=":5">[https://www.blockchain.com/explorer/transactions/btc/90622fc9968b79c90a9ac26f11d13d8dd97ba5b7e9c103594873e6306f7357ea Theft Transaction Of 1 BTC - Blockchain.com] (Accessed Apr 17, 2024)</ref>.
|-
|May 9th, 2016 5:29:24 AM MDT
|Bitcoin Transaction
|One of the bitcoin transactions involved in the theft for 200 BTC<ref name=":6">[https://www.blockchain.com/explorer/transactions/btc/2f41b858712149df089c21d4e1c036e0a465335c5a29be38df8e945a51e4d809 Theft Transaction Of 200.00000000 BTC - Blockchain.com] (Accessed Apr 17, 2024)</ref>.
|-
|May 9th, 2016 12:14:07 PM MDT
|Bitcoin Transaction
|One of the bitcoin transactions involved in the theft for 45.6 BTC<ref name=":7">[https://www.blockchain.com/explorer/transactions/btc/4a1b96b166de37860195af37b6396a0516b009536e0f332006ca61b4fab0cd08 Theft Transaction Of 45.60000000 BTC - Blockchain.com] (Accessed Apr 17, 2024)</ref>.
|-
|May 9th, 2016 12:23:11 PM MDT
|Bitcoin Transaction
|A smaller bitcoin transaction involved in the theft for 6.18 BTC<ref name=":8">[https://www.blockchain.com/explorer/transactions/btc/271c51ff2e6c84c565c94d79872a79d77726fccd47192b6c8f6745f7482e281a Theft Transaction Of 6.18 BTC - Blockchain.com] (Accessed Apr 17, 2024)</ref>.
|-
|May 9th, 2016 12:38:16 PM MDT
|Bitcoin Transaction
|A smaller bitcoin transaction involved in the theft for 2.12 BTC<ref name=":9">[https://www.blockchain.com/explorer/transactions/btc/435e0cc79372eef5f43d8d81320940165ea1a0828adab3fdb9822a17caffaf2b Theft Transaction Of 2.12 BTC - Blockchain.com] (Accessed Apr 17, 2024)</ref>.
|-
|May 9th, 2016 1:54:26 PM MDT
|Palantine King Downtime Post
|Palantine King posts on their website noting that Gatecoin, a significant player in DGD trading volumes which they actively trade, abruptly went offline after displaying a maintenance page for an hour<ref name=":17">[https://web.archive.org/web/20160512205427/http://palatineking.com/2016/05/09/gatecoin-hacked/ Gatecoin hacked - Palantine King Archive May 12th, 2016 2:54:27 PM MDT] (Accessed Apr 24, 2024)</ref>. Despite calls for tweet updates during the maintenance, none were provided, fueling speculation of a hack<ref name=":17">[https://web.archive.org/web/20160512205427/http://palatineking.com/2016/05/09/gatecoin-hacked/ Gatecoin hacked - Palantine King Archive May 12th, 2016 2:54:27 PM MDT] (Accessed Apr 24, 2024)</ref>. While the hack remains unconfirmed, early indicators suggest it as a likely scenario<ref name=":17">[https://web.archive.org/web/20160512205427/http://palatineking.com/2016/05/09/gatecoin-hacked/ Gatecoin hacked - Palantine King Archive May 12th, 2016 2:54:27 PM MDT] (Accessed Apr 24, 2024)</ref>. Given Gatecoin's substantial role in DGD trading, the incident could have significant consequences for DGD's price, particularly if hackers engage in unbalanced selling<ref name=":17">[https://web.archive.org/web/20160512205427/http://palatineking.com/2016/05/09/gatecoin-hacked/ Gatecoin hacked - Palantine King Archive May 12th, 2016 2:54:27 PM MDT] (Accessed Apr 24, 2024)</ref>. The situation is unfolding, and further updates are awaited<ref name=":17">[https://web.archive.org/web/20160512205427/http://palatineking.com/2016/05/09/gatecoin-hacked/ Gatecoin hacked - Palantine King Archive May 12th, 2016 2:54:27 PM MDT] (Accessed Apr 24, 2024)</ref>.
|-
|May 9th, 2016 2:30:43 PM MDT
|Reddit Downtime Discussion
|Palantine King posts their concerns about the Gatecoin downtime on Reddit<ref name=":19">[https://old.reddit.com/r/digix/comments/4ilk1p/gatecoin_hacked/d2z4m5q/ Paletine King - Gatecoin hacked? - Reddit] (Accessed Apr 24, 2024)</ref>. One user expressed that they are also having trouble with a withdrawal which hasn't come through yet<ref name=":19">[https://old.reddit.com/r/digix/comments/4ilk1p/gatecoin_hacked/d2z4m5q/ Paletine King - Gatecoin hacked? - Reddit] (Accessed Apr 24, 2024)</ref>.
|-
|-
|May 9th, 2016
|May 9th, 2016
|Breach Begin
|Breach Begin
|The reported date that that breach began<ref name=":1">[https://www.coindesk.com/gatecoin-2-million-bitcoin-ether-security-breach Gatecoin Claims $2 Million in Bitcoins and Ethers Lost in Security Breach - CoinDesk]</ref> at "late night HKT"<ref name=":0" />. There was a "disruption of [the Gatecoin] service caused by a server reboot"<ref name=":0" />. They "strongly believe that the breach is linked to this event"<ref name=":0" />.
|The reported date that that breach began<ref name=":1">[https://www.coindesk.com/gatecoin-2-million-bitcoin-ether-security-breach Gatecoin Claims $2 Million in Bitcoins and Ethers Lost in Security Breach - CoinDesk]</ref> at "late night HKT"<ref name=":0" />. There was a "disruption of [the Gatecoin] service caused by a server reboot"<ref name=":0" />. They "strongly believe that the breach is linked to this event"<ref name=":0" />.
|-
|May 10th, 2016 10:04:00 AM MDT
|Palantine King False Alarm
|Palantine King posts the final update to their website, concluding that there was no problem with the Gatecoin exchange other than a temporary server outage, based largely on official information received from Gatecoin<ref name=":17" />.
|-
|-
|May 12th, 2016
|May 12th, 2016
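Review bot: The blog's name is spelled three ways in the added rows: "Palantine King" in the event names and descriptions, "Paletine King" in the :19 reference title, while the cited URL is palatineking.com. Suggest one spelling, matching the URL, throughout. The new rows are also timestamped in MDT while the Breach Begin row quotes "late night HKT"; giving one zone, or adding the HKT equivalent, would make the order of the theft transactions and the reported breach start easier to compare.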
Line 32: Line 82:
|Cited Date
|Cited Date
|The date of the hack cited by Kyle Gibson<ref name="kylegibson-86" />. On "Friday night HKT" is when the team "detected some suspicious transactions and immediately suspended [thei]r services to investigate"<ref name=":0" />.
|The date of the hack cited by Kyle Gibson<ref name="kylegibson-86" />. On "Friday night HKT" is when the team "detected some suspicious transactions and immediately suspended [thei]r services to investigate"<ref name=":0" />.
|-
|May 13th, 2016 4:50:00 PM MDT
|CoinDesk Article Released
|CoinDesk reports that Gatecoin faces turmoil after reportedly experiencing a hack, resulting in losses from its connected wallets<ref name=":13">[https://www.coindesk.com/markets/2016/05/13/digital-currency-exchange-gatecoin-offline-after-loss-of-funds/ Digital Currency Exchange Gatecoin Offline After Loss of Funds - CoinDesk] (Accessed Apr 23, 2024)</ref>. CEO Aurélien Menant confirmed the incident and assured users of efforts to refund customers affected by the breach<ref name=":13">[https://www.coindesk.com/markets/2016/05/13/digital-currency-exchange-gatecoin-offline-after-loss-of-funds/ Digital Currency Exchange Gatecoin Offline After Loss of Funds - CoinDesk] (Accessed Apr 23, 2024)</ref>. Users are faced with uncertainty and concern regarding the security of their funds<ref name=":13">[https://www.coindesk.com/markets/2016/05/13/digital-currency-exchange-gatecoin-offline-after-loss-of-funds/ Digital Currency Exchange Gatecoin Offline After Loss of Funds - CoinDesk] (Accessed Apr 23, 2024)</ref>. Gatecoin's assurance of conducting a full forensic investigation to identify the root cause of the issue is a positive step, but the timeline for resolution and the extent of the losses remain unclear<ref name=":13">[https://www.coindesk.com/markets/2016/05/13/digital-currency-exchange-gatecoin-offline-after-loss-of-funds/ Digital Currency Exchange Gatecoin Offline After Loss of Funds - CoinDesk] (Accessed Apr 23, 2024)</ref>.
|-
|-
|May 14th, 2016 5:22:56 AM MDT
|May 14th, 2016 5:22:56 AM MDT
|Official Statement Released On Reddit
|Official Statement Released On Reddit
|In a Reddit post, Gatecoin confirmed a breach of its system resulting in the loss of 15% of its crypto-asset deposits, valued at approximately $2 million<ref name=":0" />. The breach occurred between May 9 and May 12, 2016, with suspicious transactions detected on May 13 prompting the suspension of services. Despite storing most funds in multi-signature cold wallets, hackers bypassed this security measure, diverting ETH and BTC deposits to hot wallets during the breach. Gatecoin plans to release a platform for clients to withdraw remaining funds by May 28, 2016, with the exact date for ETH withdrawals pending confirmation. The exchange assures the security of DGD, REP, and DAO funds, while working to raise additional funds to reimburse affected customers. Gatecoin expresses gratitude for community support and pledges to provide updates via Twitter, Reddit, and its homepage<ref name=":0" />.
|In a Reddit post, Gatecoin confirmed a breach of its system resulting in the loss of 15% of its crypto-asset deposits, valued at approximately $2 million<ref name=":0" />. The breach occurred between May 9 and May 12, 2016, with suspicious transactions detected on May 13 prompting the suspension of services. Despite storing most funds in multi-signature cold wallets, hackers bypassed this security measure, diverting ETH and BTC deposits to hot wallets during the breach. Gatecoin plans to release a platform for clients to withdraw remaining funds by May 28, 2016, with the exact date for ETH withdrawals pending confirmation. The exchange assures the security of DGD, REP, and DAO funds, while working to raise additional funds to reimburse affected customers. Gatecoin expresses gratitude for community support and pledges to provide updates via Twitter, Reddit, and its homepage<ref name=":0" />.
|-
|May 14th, 2016 5:37:00 AM MDT
|Official Statement On Twitter and Homepage
|An update is provided on Twitter, which links to the Gatecoin homepage as an official statement about the hack<ref>[https://twitter.com/Gatecoin/status/731448347379142656 Gatecoin - "SERVICE UPDATE: Official Statement Regarding Gatecoin Hot Wallet Breach. Read here" - Twitter] (Accessed Apr 24, 2024)</ref>. The Gatecoin homepage is later captured providing an official statement about the breach. Loss figures are provided as 15% of its crypto-asset deposits, totaling ETH 185,000 and BTC 250 (equivalent to USD 2 million) between May 9 and May 12, 2016<ref name=":18">[https://web.archive.org/web/20160514150920/https://gatecoin.com/ Gatecoin Homepage Official Statement Archive May 14th, 2016 9:09:20 AM MDT] (Accessed Apr XX, 2024)</ref>. The breach occurred due to a system alteration that allowed ETH and BTC deposits to bypass multi-signature cold storage and go directly to the hot wallet<ref name=":18" />. The compromised wallet addresses and Bitcoin transactions have been identified<ref name=":18" />. Gatecoin suspended its services upon detecting suspicious transactions and is working with Tehtri Security to investigate the breach thoroughly<ref name=":18" />. A platform enabling clients to withdraw remaining funds in various currencies will be released, and efforts are underway to raise additional funding to cover losses and reimburse affected customers<ref name=":18" />. Gatecoin expresses gratitude for the community's support and pledges to provide updates through various channels<ref name=":18" />.
|-
|May 16th, 2016 3:11:00 AM MDT
|Gatecoin on Withdrawal Of REP Tweet
|A Gatecoin agent account responds to a customer inquiry about the ability to withdraw the REP tokens from their account<ref name=":14">[https://twitter.com/Gatecoin/status/732136409650208768 Gatecoin - "we will build a custom platform for REP, DAO, DGD and fiat withdrawals for release on or before May 28." - Twitter] (Accessed Apr 23, 2024)</ref>. They note that they are planning to build a custom interface to facilitate these withdrawals by March 28th<ref name=":14">[https://twitter.com/Gatecoin/status/732136409650208768 Gatecoin - "we will build a custom platform for REP, DAO, DGD and fiat withdrawals for release on or before May 28." - Twitter] (Accessed Apr 23, 2024)</ref>.
|-
|-
|May 16th, 2016 10:27:00 AM MDT
|May 16th, 2016 10:27:00 AM MDT
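Review bot: The May 16th row says the custom withdrawal interface is planned "by March 28th", but the tweet quoted in the same reference reads "on or before May 28" and the Reddit statement row gives May 28, 2016, so the month should be May. In the May 14th Twitter and Homepage row, the :18 reference still carries the placeholder "(Accessed Apr XX, 2024)" and needs its actual access date.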
Line 41: Line 103:
|CoinDesk reports that Gatecoin has disclosed the cyberattack on its hot wallets, with the loss of funds estimated at $2 million<ref name=":1" />. The breach, believed to have begun on May 9th and continued for three days, led to the theft of 185,000 ethers and 250 bitcoins. Gatecoin acknowledged that its security measures, including multi-signature cold wallets, were compromised, allowing funds to bypass cold storage and go directly to hot wallets during the breach. The incident coincided with TheDAO's crowdsale, raising concerns about the security of Ethereum-based tokens<ref name=":1" />. Gatecoin plans to establish a portal for withdrawing DAO-related tokens in two weeks but did not specify a timeline for processing bitcoin and ether withdrawals<ref name=":1" />.
|CoinDesk reports that Gatecoin has disclosed the cyberattack on its hot wallets, with the loss of funds estimated at $2 million<ref name=":1" />. The breach, believed to have begun on May 9th and continued for three days, led to the theft of 185,000 ethers and 250 bitcoins. Gatecoin acknowledged that its security measures, including multi-signature cold wallets, were compromised, allowing funds to bypass cold storage and go directly to hot wallets during the breach. The incident coincided with TheDAO's crowdsale, raising concerns about the security of Ethereum-based tokens<ref name=":1" />. Gatecoin plans to establish a portal for withdrawing DAO-related tokens in two weeks but did not specify a timeline for processing bitcoin and ether withdrawals<ref name=":1" />.
|-
|-
|May 28th, 2016
|May 18th, 2016 9:50:02 AM MDT
|Withdrawal Platform Promised
|Homepage 404 Error
|The original Reddit announcement promised a withdrawal site would be made available on May 28th<ref name=":0" />. The promised withdrawals were for remaining funds in BTC, DAO, DGD, REP, USD, EUR and HKD<ref name=":0" />.
|The present homepage is captured displaying a 404 error<ref name=":11">[https://web.archive.org/web/20160518155002/http://gatecoin.com/ Gatecoin Homepage Archive May 18th, 2016 9:50:02 AM MDT] (Accessed Apr 18, 2024)</ref>.
|-
|May 20th, 2016 1:36:34 AM MDT
|Update Post Made
|Gatecoin provides an update regarding the hot wallet breach investigation, fund withdrawals, and frequently asked questions (FAQ) through Reddit and Twitter<ref name=":24">[https://twitter.com/Gatecoin/status/733564517901172736 Gatecoin - Update on Gatecoin Hot Wallet Breach Investigation, Fund Withdrawals & FAQ - Twitter] (April 25th, 2024)</ref><ref name=":20">[https://old.reddit.com/r/gatecoin/comments/4k75xq/update_on_gatecoin_hot_wallet_breach/ Update on Gatecoin Hot Wallet Breach Investigation, Fund Withdrawals & FAQ (May 20, 2016) - Reddit] (Accessed Apr 25, 2024)</ref>. The company expresses sincere apologies for the breach and appreciates the patience of clients and the community<ref name=":20">[https://old.reddit.com/r/gatecoin/comments/4k75xq/update_on_gatecoin_hot_wallet_breach/ Update on Gatecoin Hot Wallet Breach Investigation, Fund Withdrawals & FAQ (May 20, 2016) - Reddit] (Accessed Apr 25, 2024)</ref>. Notably, client data remains safe, and the investigation is ongoing with cooperation from authorities<ref name=":20">[https://old.reddit.com/r/gatecoin/comments/4k75xq/update_on_gatecoin_hot_wallet_breach/ Update on Gatecoin Hot Wallet Breach Investigation, Fund Withdrawals & FAQ (May 20, 2016) - Reddit] (Accessed Apr 25, 2024)</ref>. Progress has been made in fundraising efforts, aiming to reimburse stolen ETH and BTC funds<ref name=":20">[https://old.reddit.com/r/gatecoin/comments/4k75xq/update_on_gatecoin_hot_wallet_breach/ Update on Gatecoin Hot Wallet Breach Investigation, Fund Withdrawals & FAQ (May 20, 2016) - Reddit] (Accessed Apr 25, 2024)</ref>. 
Gatecoin offers a bounty for the return of stolen funds and addresses various user concerns through the FAQ section, promising updates on withdrawal availability, DGD token safety, and exchange relaunch plans<ref name=":20">[https://old.reddit.com/r/gatecoin/comments/4k75xq/update_on_gatecoin_hot_wallet_breach/ Update on Gatecoin Hot Wallet Breach Investigation, Fund Withdrawals & FAQ (May 20, 2016) - Reddit] (Accessed Apr 25, 2024)</ref>. CEO Aurélien Menant signs off with gratitude for continued patience and understanding from users<ref name=":20">[https://old.reddit.com/r/gatecoin/comments/4k75xq/update_on_gatecoin_hot_wallet_breach/ Update on Gatecoin Hot Wallet Breach Investigation, Fund Withdrawals & FAQ (May 20, 2016) - Reddit] (Accessed Apr 25, 2024)</ref>.
|-
|May 28th, 2016 4:31:00 AM MDT
|Withdrawal Platform Update Post Made
|The original Reddit announcement promised a withdrawal site would be made available on May 28th<ref name=":0" />. The promised withdrawals were for remaining funds in BTC, DAO, DGD, REP, USD, EUR and HKD<ref name=":0" />. Gatecoin provides a comprehensive update on several key aspects of their recovery plan, including the securing of The DAO tokens, launch of the withdrawal platform, status of ETH funds, REP withdrawals, and plans for re-launching the exchange<ref name=":25">[https://www.reddit.com/r/gatecoin/comments/4lfb80/update_launch_of_withdrawal_platform_status_of/ Update: Launch of Withdrawal Platform & Status of ETH Funds (May 28, 2016) - Reddit] (Accessed Apr 26, 2024)</ref><ref>[https://twitter.com/Gatecoin/status/736505274186358784 Gatecoin - "Update: Launch of Withdrawal Platform & Status of ETH Funds (May 28, 2016)" - Twitter] (Accessed Apr 26, 2024)</ref>. All DAO tokens have been secured for withdrawals, and clients can now withdraw their funds in various currencies<ref name=":25">[https://www.reddit.com/r/gatecoin/comments/4lfb80/update_launch_of_withdrawal_platform_status_of/ Update: Launch of Withdrawal Platform & Status of ETH Funds (May 28, 2016) - Reddit] (Accessed Apr 26, 2024)</ref>. The exchange is finalizing a funding agreement to cover stolen ETH funds, facilitating withdrawals pending cash exchange from the bond<ref name=":25">[https://www.reddit.com/r/gatecoin/comments/4lfb80/update_launch_of_withdrawal_platform_status_of/ Update: Launch of Withdrawal Platform & Status of ETH Funds (May 28, 2016) - Reddit] (Accessed Apr 26, 2024)</ref>. REP withdrawals are awaiting transfers to be enabled on the Augur network<ref name=":25">[https://www.reddit.com/r/gatecoin/comments/4lfb80/update_launch_of_withdrawal_platform_status_of/ Update: Launch of Withdrawal Platform & Status of ETH Funds (May 28, 2016) - Reddit] (Accessed Apr 26, 2024)</ref>. 
Gatecoin's re-launch is contingent upon resolving withdrawal issues<ref name=":25">[https://www.reddit.com/r/gatecoin/comments/4lfb80/update_launch_of_withdrawal_platform_status_of/ Update: Launch of Withdrawal Platform & Status of ETH Funds (May 28, 2016) - Reddit] (Accessed Apr 26, 2024)</ref>. The update also includes a detailed FAQ on using the withdrawal platform and addresses concerns about fund security and exchange re-launch<ref name=":25">[https://www.reddit.com/r/gatecoin/comments/4lfb80/update_launch_of_withdrawal_platform_status_of/ Update: Launch of Withdrawal Platform & Status of ETH Funds (May 28, 2016) - Reddit] (Accessed Apr 26, 2024)</ref>. CEO Aurélien Menant expresses gratitude for the community's patience and support during this challenging period<ref name=":25">[https://www.reddit.com/r/gatecoin/comments/4lfb80/update_launch_of_withdrawal_platform_status_of/ Update: Launch of Withdrawal Platform & Status of ETH Funds (May 28, 2016) - Reddit] (Accessed Apr 26, 2024)</ref>.
|-
|June 20th, 2016 2:07:35 AM MDT
|Freezing Ethereum Wallets
|A Reddit thread discusses freezing the hacker's ethereum wallet addresses, since they are known at the time<ref>[https://old.reddit.com/r/ethereum/comments/4oxog1/gatecoins_hacked_ether_addresses_are_known_do_we/ gatecoin's hacked ether addresses are known, do we freeze them too? - Reddit] (Accessed Apr 23, 2024)</ref>.
|-
|-
|September 15th, 2017
|September 15th, 2017
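Review bot: The added timeline cell beginning "The original Reddit announcement promised a withdrawal site" repeats the full <ref name=":25">…</ref> definition after every sentence; define the reference once and cite it as <ref name=":25" /> afterwards, as the "May 28th Update Provided" section of this same revision does. The same applies to the :15 and :16 references in the Bloomberg and Reddit rows added further down. The cell also moves from past tense ("promised") to present tense ("provides", "is finalizing") and breaks onto a new line before "Gatecoin's re-launch", so settle on one tense and check that the line break is intended.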
Line 52: Line 126:
|CoinTelegraph Banking Freeze Report
|CoinTelegraph Banking Freeze Report
|CoinTelegraph reports on Gatecoin losing its banking services<ref name=":2" />. Despite the surge in customer base and Bitcoin price rally, Gatecoin experienced a banking freeze in September without prior notice, forcing it to seek foreign banking support to continue operations<ref name=":2" />. This incident highlights the challenges faced by cryptocurrency businesses in accessing banking services, with many relying on foreign banks to operate amidst domestic restrictions<ref name=":2" />. Additionally, the resistance from Hong Kong's banking sector contrasts with its interest in blockchain technology, as evidenced by the participation of twenty local banks in a trade network with Singapore utilizing blockchain<ref name=":2" />.
|CoinTelegraph reports on Gatecoin losing its banking services<ref name=":2" />. Despite the surge in customer base and Bitcoin price rally, Gatecoin experienced a banking freeze in September without prior notice, forcing it to seek foreign banking support to continue operations<ref name=":2" />. This incident highlights the challenges faced by cryptocurrency businesses in accessing banking services, with many relying on foreign banks to operate amidst domestic restrictions<ref name=":2" />. Additionally, the resistance from Hong Kong's banking sector contrasts with its interest in blockchain technology, as evidenced by the participation of twenty local banks in a trade network with Singapore utilizing blockchain<ref name=":2" />.
|-
|March 2nd, 2019 11:00:14 PM MST
|Bloomberg Banking Services Issues
|Using Gatecoin as an example, Bloomberg reports that crypto companies are facing challenges in accessing basic banking services from mainstream institutions like HSBC and JPMorgan Chase, despite attracting investments from large institutions<ref name=":15">[https://www.bloomberg.com/news/articles/2019-03-03/why-crypto-companies-still-can-t-open-checking-accounts Why Crypto Companies Still Can’t Open Checking Accounts - Bloomberg] (Accessed Apr 23, 2024)</ref>. This issue persists globally, from New York to Hong Kong, hindering the growth and development of the digital-assets industry<ref name=":15">[https://www.bloomberg.com/news/articles/2019-03-03/why-crypto-companies-still-can-t-open-checking-accounts Why Crypto Companies Still Can’t Open Checking Accounts - Bloomberg] (Accessed Apr 23, 2024)</ref>.
|-
|March 13th, 2019 12:26:16 PM MDT
|Reddit Thread On Bankruptcy
|A Reddit thread discusses a liquidation of Gatecoin<ref name=":16">[https://www.reddit.com/r/gatecoin/comments/b0pe1i/gatecoin_liquidated/ kuilef - "gatecoin liquidated :(" - Reddit] (Accessed Apr 23, 2024)</ref>. Users are frustrated and unable to access their funds<ref name=":16">[https://www.reddit.com/r/gatecoin/comments/b0pe1i/gatecoin_liquidated/ kuilef - "gatecoin liquidated :(" - Reddit] (Accessed Apr 23, 2024)</ref>. Some users suspect foul play, while others scramble to recover whatever they can<ref name=":16">[https://www.reddit.com/r/gatecoin/comments/b0pe1i/gatecoin_liquidated/ kuilef - "gatecoin liquidated :(" - Reddit] (Accessed Apr 23, 2024)</ref>. The situation sparks a mix of anger, desperation, and a few glimmers of hope for resolution<ref name=":16">[https://www.reddit.com/r/gatecoin/comments/b0pe1i/gatecoin_liquidated/ kuilef - "gatecoin liquidated :(" - Reddit] (Accessed Apr 23, 2024)</ref>.
|-
|-
|March 14th, 2019 8:50:00 AM MDT
|March 14th, 2019 8:50:00 AM MDT
Line 60: Line 142:
|CoinDesk Article On Bankruptcy
|CoinDesk Article On Bankruptcy
|CoinDesk reports that Hong Kong-based cryptocurrency exchange Gatecoin is set to cease operations and enter liquidation following a prolonged struggle to recover funds lost amid a dispute with a former payment services provider<ref name="coindesk-18" />. The announcement, made via the company's website, cited ongoing banking issues since September 2018 as a primary reason for the shutdown<ref name="coindesk-18" />. Despite efforts to resume operations with alternative processors and banks, Gatecoin faced insurmountable challenges, leading to a court order to wind up immediately<ref name="coindesk-18" />. The exchange assured customers of its intent to distribute remaining assets to creditors but left uncertainties regarding reimbursement for those affected by the 2016 cyberattack that resulted in the loss of significant cryptocurrency holdings<ref name="coindesk-18" />.
|CoinDesk reports that Hong Kong-based cryptocurrency exchange Gatecoin is set to cease operations and enter liquidation following a prolonged struggle to recover funds lost amid a dispute with a former payment services provider<ref name="coindesk-18" />. The announcement, made via the company's website, cited ongoing banking issues since September 2018 as a primary reason for the shutdown<ref name="coindesk-18" />. Despite efforts to resume operations with alternative processors and banks, Gatecoin faced insurmountable challenges, leading to a court order to wind up immediately<ref name="coindesk-18" />. The exchange assured customers of its intent to distribute remaining assets to creditors but left uncertainties regarding reimbursement for those affected by the 2016 cyberattack that resulted in the loss of significant cryptocurrency holdings<ref name="coindesk-18" />.
|-
|
|
|
|-
|-
|April 1st, 2019 2:45:11 AM MDT
|April 1st, 2019 2:45:11 AM MDT
Line 72: Line 150:
== Technical Details ==
== Technical Details ==


 
The breach occurred due to a system alteration that allowed ETH and BTC deposits to bypass multi-signature cold storage and go directly to the hot wallet<ref name=":18" />.


=== Breach Of Multi-Signature Systems ===
=== Breach Of Multi-Signature Systems ===
Line 78: Line 156:


=== Wallets Used By Thief ===
=== Wallets Used By Thief ===
The forensic examination identified several wallets which were involved in the theft<ref name=":0" />:
The forensic examination identified several wallets and transactions which were involved in the theft<ref name=":0" />:


<nowiki>*</nowiki>0x04786aada9deea2150deab7b3b8911c309f5ed90 *0xc062dceed93087c9112ff7b02d53e928e49cec09 *0x1342a001544b8b7ae4a5d374e33114c66d78bd5f *0xd4914762f9bd566bd0882b71af5439c0476d2ff6 *4a1b96b166de37860195af37b6396a0516b009536e0f332006ca61b4fab0cd08 *2f41b858712149df089c21d4e1c036e0a465335c5a29be38df8e945a51e4d809 *271c51ff2e6c84c565c94d79872a79d77726fccd47192b6c8f6745f7482e281a *435e0cc79372eef5f43d8d81320940165ea1a0828adab3fdb9822a17caffaf2b *d494c7ca3a03f30c121b02f558b068d3597092454ad325bc320383f070d536bc *90622fc9968b79c90a9ac26f11d13d8dd97ba5b7e9c103594873e6306f7357ea<blockquote></blockquote>
* Wallet 0x1HnJry8tmN4BW5UFqYR8L4xWgtJZ7ghExU (Unmentioned)
** Transaction 2f41b858712149df089c21d4e1c036e0a465335c5a29be38df8e945a51e4d809<ref name=":6" />
* Wallet 0x04786aada9deea2150deab7b3b8911c309f5ed90
* Wallet 0xc062dceed93087c9112ff7b02d53e928e49cec09
* Wallet 0x1342a001544b8b7ae4a5d374e33114c66d78bd5f
** Transaction 4a1b96b166de37860195af37b6396a0516b009536e0f332006ca61b4fab0cd08<ref name=":7" />
* Wallet 0xd4914762f9bd566bd0882b71af5439c0476d2ff6
* Wallet 0x132ymu2ufMP3mDCo9qwKc173PV2Bbm4T2g (Unmentioned)
** Transaction d494c7ca3a03f30c121b02f558b068d3597092454ad325bc320383f070d536bc<ref name=":4" />
** Transaction 90622fc9968b79c90a9ac26f11d13d8dd97ba5b7e9c103594873e6306f7357ea<ref name=":5" />
** Transaction 271c51ff2e6c84c565c94d79872a79d77726fccd47192b6c8f6745f7482e281a<ref name=":8" />
** Transaction 435e0cc79372eef5f43d8d81320940165ea1a0828adab3fdb9822a17caffaf2b<ref name=":9" />


== Total Amount Lost ==
== Total Amount Lost ==
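Review bot: The two wallets marked "(Unmentioned)" in the new list, 0x1HnJry8tmN4BW5UFqYR8L4xWgtJZ7ghExU and 0x132ymu2ufMP3mDCo9qwKc173PV2Bbm4T2g, carry an 0x prefix although the strings contain non-hexadecimal characters, so they cannot be hex-encoded addresses; the "Table Of Reported Theft Transactions" in this revision lists the same two strings without the prefix, and the list should match it. "(Unmentioned)" also needs a few words saying which source does not mention these wallets, since the sentence introducing the list attributes all of them to the forensic examination.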
Line 88: Line 177:


Gatecoin stated that the lost cryptocurrency was "equivalent to USD 2 million" in their Reddit post<ref name=":0" />. According to CoinTelegraph, the amount lost "during the hack" was "around $2 million in cryptocurrencies"<ref name="cointelegraph-17" />. CoinDesk estimated that amount as $2.14m at "press time"<ref name=":1" />.
Gatecoin stated that the lost cryptocurrency was "equivalent to USD 2 million" in their Reddit post<ref name=":0" />. According to CoinTelegraph, the amount lost "during the hack" was "around $2 million in cryptocurrencies"<ref name="cointelegraph-17" />. CoinDesk estimated that amount as $2.14m at "press time"<ref name=":1" />.
 
{| class="wikitable"
|+Table Of Reported Theft Transactions
!BTC
!Transaction
!Wallet
|-
|12
|d494c7ca3a03f30c121b02f558b068d3597092454ad325bc320383f070d536bc
|132ymu2ufMP3mDCo9qwKc173PV2Bbm4T2g
|-
|1
|90622fc9968b79c90a9ac26f11d13d8dd97ba5b7e9c103594873e6306f7357ea
|132ymu2ufMP3mDCo9qwKc173PV2Bbm4T2g
|-
|200
|2f41b858712149df089c21d4e1c036e0a465335c5a29be38df8e945a51e4d809
|1HnJry8tmN4BW5UFqYR8L4xWgtJZ7ghExU
|-
|45.6
|4a1b96b166de37860195af37b6396a0516b009536e0f332006ca61b4fab0cd08
|1342a001544b8b7ae4a5d374e33114c66d78bd5f
|-
|6.18
|271c51ff2e6c84c565c94d79872a79d77726fccd47192b6c8f6745f7482e281a
|132ymu2ufMP3mDCo9qwKc173PV2Bbm4T2g
|-
|2.12
|435e0cc79372eef5f43d8d81320940165ea1a0828adab3fdb9822a17caffaf2b
|132ymu2ufMP3mDCo9qwKc173PV2Bbm4T2g
|}
The total amount lost has been estimated at $2,500,000 USD.
The total amount lost has been estimated at $2,500,000 USD.


== Immediate Reactions ==
== Immediate Reactions ==


Gatecoin promptly shut down its exchange and ports after suspecting a potential leak in its hot wallets and started an investigation<ref name=":13" />. Gatecoin communicated with its users through various channels, including Slack and Twitter<ref name=":13" />. CEO Aurélien Menant provided updates via Slack, informing users about the incident and the measures being taken to address it<ref name=":13" />. Gatecoin provided updates on the status of its website through Twitter, informing users about the high risk of a leak in some of its hot wallets and the decision to take the website offline as a precautionary measure<ref name=":13" />.


Gatecoin involved the services of third party Tehtri Security to conduct a forensic examination<ref name=":0" />.
=== Forensic Security Examination ===
The platform initiated a full forensic investigation to identify the root cause of the issue and determine the extent of the breach<ref name=":13" />. Gatecoin involved the services of third party Tehtri Security to conduct a forensic examination<ref name=":0" />.
 
=== CoinDesk Article and Statement ===
CoinDesk was one of the first to report on the hack<ref name=":13" />. Gatecoin issued a statement to CoinDesk, acknowledging the suspected leak in its hot wallets and the decision to shut down the exchange and ports as a precautionary measure<ref name=":13" />. The statement outlined the ongoing forensic investigation and the exchange's commitment to minimizing further potential losses<ref name=":13" />.


"News emerged last week of yet another security event in the digital currency exchange ecosystem, this time impacting a Hong Kong-based service involved in the sale of assets related to Ethereum-based decentralized autonomous organizations (DAOs). As reported on Friday, Gatecoin experienced a cyberattack on its hot wallets that resulted in the loss of funds. A new update from the exchange team indicated that as much as $2m was lost, confirming rumors that circulated soon after the hack became apparent."<ref name="kylegibson-86" />
"News emerged last week of yet another security event in the digital currency exchange ecosystem, this time impacting a Hong Kong-based service involved in the sale of assets related to Ethereum-based decentralized autonomous organizations (DAOs). As reported on Friday, Gatecoin experienced a cyberattack on its hot wallets that resulted in the loss of funds. A new update from the exchange team indicated that as much as $2m was lost, confirming rumors that circulated soon after the hack became apparent."<ref name="kylegibson-86" />


=== Statement On Reddit ===
=== Updates To Homepage ===
An update was provided on the Gatecoin homepage. It highlighted the loss of 15% of its crypto-asset deposits, totaling USD 2 million in Ethereum and Bitcoin, between May 9 and May 12, 2016<ref name=":18" />. This breach was attributed to a system alteration that allowed deposits to bypass multi-signature cold storage and go directly to the hot wallet<ref name=":18" />. In response, Gatecoin suspended its services, initiated a forensic investigation with Tehtri Security, and identified the compromised wallet addresses and Bitcoin transactions<ref name=":18" />. To mitigate the impact on users, Gatecoin plans to release a bespoke platform for fund withdrawals and is working to raise additional funding to cover losses and reimburse affected customers<ref name=":18" />. They express gratitude for the community's support and pledge to provide updates through various communication channels<ref name=":18" />. The homepage later appeared to be offline with a 404 error<ref name=":11" />.
 
=== Official Statement On Reddit ===
On May 14th, a day after noticing the suspicious transactions and shutting down their services, Gatecoin issued a public statement through Reddit<ref name=":0" />.<blockquote>
On May 14th, a day after noticing the suspicious transactions and shutting down their services, Gatecoin issued a public statement through Reddit<ref name=":0" />.<blockquote>
The Gatecoin team greatly appreciates the patience of all users and stakeholders while we work with Tehtri Security to confirm all of the details related to the breach and ensure that our systems can be moved to a new, clean, thoroughly tested, and monitored infrastructure before services can resume.
The Gatecoin team greatly appreciates the patience of all users and stakeholders while we work with Tehtri Security to confirm all of the details related to the breach and ensure that our systems can be moved to a new, clean, thoroughly tested, and monitored infrastructure before services can resume.
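Review bot: In the added "Table Of Reported Theft Transactions", the 45.6 row gives the wallet as 1342a001544b8b7ae4a5d374e33114c66d78bd5f, which is the 40-hex-character string listed under "Wallets Used By Thief" as 0x1342a001544b8b7ae4a5d374e33114c66d78bd5f, while every other row in this BTC table uses a Base58 address; check that row against its reference before publishing. The six amounts also sum to 266.9 BTC against the 250 BTC stated in the page introduction, so either reconcile the figures or say why they differ, and label the first column "Amount (BTC)" rather than "BTC".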
Line 105: Line 231:


== Ultimate Outcome ==
== Ultimate Outcome ==
Gatecoin experienced significant banking disruptions in 2017, and ultimately entered bankruptcy in 2019. The exchange is remembered in various historical records.
Gatecoin emphasized regulatory compliance and security, offering segregated client accounts and employing industry-standard security measures post a 2016 hack<ref name=":23" />. Gatecoin experienced significant banking disruptions in 2017, and ultimately entered bankruptcy in 2019. The exchange is remembered in various historical records.
 
=== May 20th Update Provided ===
On May 20th, Gatecoin provided a further update for users via Reddit<ref name=":20" /> and Twitter<ref name=":24" />. They again expressed sincere apologies to clients and the community while detailing ongoing efforts to secure funds and compensate affected users<ref name=":20" />. They assured that all client data remains safe and secure, with an ongoing investigation in collaboration with law enforcement agencies<ref name=":20" />. Gatecoin has returned all deposits made after the service suspension, made significant progress in fundraising, and offered a bounty for the return of stolen funds<ref name=":20" />. They addressed FAQs regarding withdrawals, the safety of DGD tokens, fiat currency withdrawals, and the timeline for relaunching the exchange<ref name=":20" />. Regular updates will be provided via Twitter, Reddit, and email, with major updates shared on their homepage<ref name=":20" />. CEO Aurélien Menant expressed gratitude for patience and understanding during this challenging time<ref name=":20" />.
 
=== May 28th Update Provided ===
Gatecoin provides a further update on Reddit<ref name=":25" />. Since the previous update, several significant changes and developments have occurred:
 
# Securing The DAO tokens: Gatecoin has successfully secured all DAO tokens for withdrawals following the end of The DAO creation phase<ref name=":25" />.
# Launch of Withdrawals Platform: The withdrawal platform has been launched, allowing clients to withdraw their funds in various currencies, including BTC, DGD, DAO, HKD, USD, and EUR<ref name=":25" />.
# Status of ETH Fund Withdrawals: Gatecoin is in the final stages of receiving funding to cover stolen ETH funds. Once fully received, they will exchange the cash for ETH to facilitate ETH withdrawals within the next two weeks<ref name=":25" />.
# Gatecoin USD 3 million Bond: Gatecoin is issuing a USD 3 million bond to ensure speedy reconciliation for the stolen ETH funds. Several investors are participating in the bond sale<ref name=":25" />.
# Status of REP Withdrawals: REP withdrawals are pending transfers to be enabled on the Augur network, with updates expected soon<ref name=":25" />.
# Re-launch of Gatecoin Exchange: Gatecoin's re-launch is still pending, with the focus remaining on resolving withdrawal issues and ensuring fund security. The exact date of the re-launch is yet to be confirmed<ref name=":25" />.
 
Overall, significant progress has been made in securing funds, launching the withdrawal platform, and finalizing arrangements for covering stolen ETH funds. However, the exchange is still working on resolving certain technical challenges and awaiting further developments before re-launching the platform<ref name=":25" />.<blockquote>Once again, we would like to express our sincere gratitude to all our clients and the community for your patience and support over the last two weeks.
 
This unfortunate and unexpected breach has been a major setback for us, and looked to destroy everything we’ve worked hard to build over the last three years.
 
We are aware of the long term costs this breach will have on our reputation and your trust in our service and appreciate your frustrations and concerns over the status of your fund withdrawals since the breach occurred. We hope that today’s news will encourage you to regain some confidence in us.</blockquote>


=== Banking Disruptions in 2017 ===
=== Banking Disruptions in 2017 ===
Line 111: Line 256:


=== Exchange Enters Bankruptcy ===
=== Exchange Enters Bankruptcy ===
Hong Kong-based cryptocurrency exchange Gatecoin was reportedly ordered to undergo compulsory liquidation on March 13th, 2019, although the court issuing the order was not specified<ref name="coindesk-18" /><ref name="cointelegraph-17" />. The exchange, which , announced its winding-up order on March 13, leading to an immediate cessation of operations. Gatecoin attributed its financial difficulties to issues with a Payment Service Provider (PSP), which it claimed failed to process transfers promptly, causing substantial losses and ultimately rendering the exchange unable to sustain its operations<ref name="cointelegraph-17" />. TheNextWeb reported on April 1st that Gatecoin had finally met its demise as liquidators take control of the company after facing a series of hacking incidents and banking troubles<ref name="thenextweb-16" />. Despite efforts to recover funds and mitigate losses, Gatecoin's struggles persisted, leading to its final liquidation<ref name="cointelegraph-17" />. With the appointment of official liquidators, Gatecoin's journey comes to a definitive end, marking the closure of one of the pioneering exchanges in the cryptocurrency landscape<ref name="thenextweb-16" />.
Hong Kong-based cryptocurrency exchange Gatecoin was reportedly ordered to undergo compulsory liquidation on March 13th, 2019, although the court issuing the order was not specified<ref name="coindesk-18" /><ref name="cointelegraph-17" />. The exchange announced its winding-up order on March 13, leading to an immediate cessation of operations<ref name="cointelegraph-17" />. Gatecoin attributed its financial difficulties to issues with a Payment Service Provider (PSP), which it claimed failed to process transfers promptly, causing substantial losses and ultimately rendering the exchange unable to sustain its operations<ref name="cointelegraph-17" />. TheNextWeb reported on April 1st that Gatecoin had finally met its demise as liquidators take control of the company after facing a series of hacking incidents and banking troubles<ref name="thenextweb-16" />. Despite efforts to recover funds and mitigate losses, Gatecoin's struggles persisted, leading to its final liquidation<ref name="cointelegraph-17" />. With the appointment of official liquidators, Gatecoin's journey comes to a definitive end, marking the closure of one of the pioneering exchanges in the cryptocurrency landscape<ref name="thenextweb-16" />.


CoinDesk reports that Hong Kong-based cryptocurrency exchange Gatecoin is set to cease operations and enter liquidation following a prolonged struggle to recover funds lost amid a dispute with a former payment services provider. The announcement, made via the company's website, cited ongoing banking issues since September 2018 as a primary reason for the shutdown<ref name="coindesk-18" />. Despite efforts to resume operations with alternative processors and banks, Gatecoin faced insurmountable challenges, leading to a court order to wind up immediately<ref name="coindesk-18" />. The exchange assured customers of its intent to distribute remaining assets to creditors but left uncertainties regarding reimbursement for those affected by the 2016 cyberattack that resulted in the loss of significant cryptocurrency holdings<ref name="coindesk-18" />.
CoinDesk reports that Hong Kong-based cryptocurrency exchange Gatecoin is set to cease operations and enter liquidation following a prolonged struggle to recover funds lost amid a dispute with a former payment services provider. The announcement, made via the company's website, cited ongoing banking issues since September 2018 as a primary reason for the shutdown<ref name="coindesk-18" />. Despite efforts to resume operations with alternative processors and banks, Gatecoin faced insurmountable challenges, leading to a court order to wind up immediately<ref name="coindesk-18" />. The exchange assured customers of its intent to distribute remaining assets to creditors but left uncertainties regarding reimbursement for those affected by the 2016 cyberattack that resulted in the loss of significant cryptocurrency holdings<ref name="coindesk-18" />.


=== Inclusion On Hack Lists ===
=== Inclusion On Hack Lists ===
The attack was included on a list put together by Kyle Gibson<ref name="kylegibson-86" />.<ref name="bitcoinexchangeguide-218" /><ref name="slowmisthacked-1160" />
The attack was included on lists put together by Kyle Gibson<ref name="kylegibson-86" />, BitcoinExchangeGuide.com<ref name="bitcoinexchangeguide-218" />, and SlowMist<ref name="slowmisthacked-1160" />.


== Total Amount Recovered ==
== Total Amount Recovered ==
There do not appear to have been any funds recovered in this case.
Gatecoin reassured users from the start that it would seek to refund customers following the loss<ref name=":13" />. While the CEO initially indicated uncertainties regarding the exact amount of funds taken, Gatecoin affirmed its intention to refund affected users<ref name=":13" />.


== Ongoing Developments ==
== Ongoing Developments ==
TBD
The Gatecoin platform declared bankruptcy in 2017.
== Individual Prevention Policies ==
== Individual Prevention Policies ==
{{Prevention:Individuals:Placeholder}}
{{Prevention:Individuals:Avoid Third Party Custodians}}
{{Prevention:Individuals:Avoid Third Party Custodians}}


{{Prevention:Individuals:Avoid Third Party Custodians}}
{{Prevention:Individuals:Store Funds Offline}}


{{Prevention:Individuals:End}}
{{Prevention:Individuals:End}}


== Platform Prevention Policies ==
== Platform Prevention Policies ==
{{Prevention:Platforms:Placeholder}}
{{Prevention:Platforms:Regular Audit Procedures}}


{{Prevention:Platforms:Establish Industry Insurance Fund}}
{{Prevention:Platforms:Establish Industry Insurance Fund}}
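Review bot: The replacement text under "Ongoing Developments", "The Gatecoin platform declared bankruptcy in 2017.", conflicts with the rest of this revision, which places the banking disruptions in 2017 and the winding-up order on March 13th, 2019; correct the year or restore "TBD". In the same hunk, the new "Total Amount Recovered" text describes Gatecoin's intention to refund users but no longer says whether any of the stolen funds were recovered, so keep a sentence that answers the heading.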
Line 140: Line 283:


== Regulatory Prevention Policies ==
== Regulatory Prevention Policies ==
{{Prevention:Regulators:Placeholder}}
{{Prevention:Regulators:Platform Security Assessments}}


{{Prevention:Regulators:Establish Industry Insurance Fund}}
{{Prevention:Regulators:Establish Industry Insurance Fund}}

Latest revision as of 16:53, 10 May 2024

Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment. Please feel free to contribute by adding any missing information or sources you come across. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

Gatecoin Homepage/Logo

Gatecoin was one of the first regulated digital asset exchanges. This didn’t stop the hack of 185,000 ETH and 250 BTC. According to a forensic analysis, the exchange may have been the victim of a man-in-the-middle attack. The malicious external party involved in this breach managed to alter their system so that BTC and ETH deposit transfers bypassed the multisig cold storage and went directly to the hacker’s wallet during the breach period. The company fired their CTO, managed to raise $500k in order to reopen, and ultimately repaid all customers. They were saved by maintaining large cold wallet reserves which appear to have been properly stored, and appear to have dealt with the issue transparently. Having hot wallet insurance would have further assisted with the recovery. A system like Proof of Reserves or an automated alert system could have allowed the issue to be noted sooner.

This exchange or platform is based in Hong Kong, or the incident targeted people primarily in Hong Kong.[1]

About Gatecoin

Established in 2013 by individuals with backgrounds in investment banking including Aurélien Menant[2], Gatecoin operated as a regulated exchange[3] primarily focused on Bitcoin and Ethereum markets[4]. The platform aimed to offer a user-friendly experience facilitating trading and investment in cryptocurrency and blockchain assets for individuals and institutions worldwide[3]. Their proprietary trading platform prioritized security, reliability, and cost-effective transfers[5]. The exchange platform facilitated seamless trading with BTC/USD, BTC/EURO, and BTC/HKD trading pairs[5].

The platform promises deep liquidity through a market maker rebate program and features an instant buy/sell option for seamless currency swaps[6]. The exchange allows users to trade Bitcoin against USD, Euro, and HKD, with plans to integrate Ripple into its platform soon[7]. Users can easily buy and sell bitcoin, ether (Ethereum), and DAO tokens worldwide with various fiat currencies, benefiting from public live-data streaming, a fully documented REST API, and dedicated customer support[6]. The exchange's trading system is decentralized, modular, scalable, and highly secured, employing bank-grade security procedures and segregated client accounts[6]. Moreover, Gatecoin offers a smart and mobile-optimized interface for intuitive trading experiences, continually enhancing its platform for user convenience and efficiency[6].

Gatecoin Exchange was the sole regulated bitcoin exchange operating in Hong Kong[6], catering to traders globally[5]. Gatecoin emphasized compliance and transparency, boasting KYC and AML processes supported by a major compliance solutions provider[6]. As a licensed Hong Kong Money Service Operator (MSO), they upheld stringent KYC & AML compliance measures[3]. Additionally, leveraging their international payments network, they provided fiat currency transfers in HKD, EUR, USD, and AUD[3].

Aurélien Menant was the CEO of Gatecoin through 2015 and 2016[8]. In 2015, Gatecoin launched a new Bitcoin exchange which featured robust security measures[7]. Looking ahead from 2015, Gatecoin expressed aims to expand its business to the US and Europe, focusing on obtaining the necessary licenses and developing innovative digital currency trading services and payment methods to enhance user experience[7]. Gatecoin planned the introduction of a white-labeled debit card that could be reloaded instantly online using bitcoins, providing users with a convenient way to spend their digital currency worldwide without incurring foreign transaction fees[7]. Gatecoin has expanded to include Litecoin and Tezor, as well as hosting tokens of decentralized applications (dApps) built on the Ethereum blockchain[2].

On the new platform, user funds were protected by segregated client bank accounts safeguarding cash deposits across over 40 countries[5], ensuring that clients' funds were kept separate from operational expenses, minimizing counterparty risks[7]. These measures also included multi-signature cold storage and continuous monitoring by an external IT security firm[7]. The company emphasized its commitment to regulatory compliance, operating under a Hong Kong Money Service Operator license and adhering to AML/KYC rules[7].

Despite limited customer support options and a niche focus on Ethereum-based markets, Gatecoin's stringent compliance and security standards make it appealing to traditional investors seeking a regulated exchange[2]. However, those prioritizing privacy and anonymity may find Gatecoin less suitable. Overall, Gatecoin received a rating of 3.5 out of 5 from Unblock.net[2].

Screenshot:[9]

The Reality

Gatecoin's server infrastructure was not secured against outside attack. It also appears that Gatecoin was not monitoring its balance integrity on an ongoing basis, and remained unaware of the intrusion into its systems for several days.
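As an added illustration (not Gatecoin's code and not part of the original case study), the following Python check shows the kind of ongoing balance-integrity monitoring described above as missing: it flags deposit sweeps that do not land in the cold wallet and reconciles customer liabilities against custody balances. The wallet labels, the 5% hot-wallet cap and every transaction and balance in the snapshots are constructed assumptions.

```python
"""Deposit-routing and balance-integrity checks for an exchange (illustrative).

Every address label, txid and amount here is constructed sample data.
"""
from dataclasses import dataclass
from decimal import Decimal

# Assumed custody policy: deposits are swept to the multisig cold wallet, and
# the hot wallet may hold at most HOT_CAP of total custody for each asset.
CUSTODY = {
    "ETH": {"cold": "cold-multisig-eth", "hot": "hot-wallet-eth"},
    "BTC": {"cold": "cold-multisig-btc", "hot": "hot-wallet-btc"},
}
HOT_CAP = Decimal("0.05")


@dataclass(frozen=True)
class Sweep:
    """One on-chain transfer that moves a customer deposit into custody."""
    txid: str
    asset: str
    amount: Decimal
    dest: str


def check_sweeps(sweeps):
    """Return (severity, txid, message) for every sweep off the expected route."""
    alerts = []
    for s in sweeps:
        wallets = CUSTODY.get(s.asset)
        if wallets is None:
            alerts.append(("CRIT", s.txid, f"no custody policy for {s.asset}"))
        elif s.dest == wallets["cold"]:
            continue  # expected route: straight into cold storage
        elif s.dest == wallets["hot"]:
            alerts.append(("WARN", s.txid, "deposit bypassed cold storage"))
        else:
            alerts.append(("CRIT", s.txid, f"deposit sent to unknown address {s.dest}"))
    return alerts


def reconcile(ledger, balances):
    """Compare what customers are owed with what custody wallets hold, per asset."""
    alerts = []
    for asset, owed in ledger.items():
        wallet = balances.get(asset, {})
        cold = wallet.get("cold", Decimal(0))
        hot = wallet.get("hot", Decimal(0))
        held = cold + hot
        if held < owed:
            alerts.append(("CRIT", asset, f"shortfall of {owed - held} {asset}"))
        if held > 0 and hot / held > HOT_CAP:
            alerts.append(("WARN", asset, "hot wallet share above cap"))
    return alerts


# Constructed hourly snapshots: (label, sweeps, customer ledger, custody balances).
SNAPSHOTS = [
    ("T+0h",
     [Sweep("tx-0001", "ETH", Decimal("120"), "cold-multisig-eth")],
     {"ETH": Decimal("1000"), "BTC": Decimal("100")},
     {"ETH": {"cold": Decimal("970"), "hot": Decimal("30")},
      "BTC": {"cold": Decimal("96"), "hot": Decimal("4")}}),
    ("T+1h",  # deposits start landing in the hot wallet instead of cold storage
     [Sweep("tx-0002", "ETH", Decimal("500"), "hot-wallet-eth")],
     {"ETH": Decimal("1500"), "BTC": Decimal("100")},
     {"ETH": {"cold": Decimal("970"), "hot": Decimal("530")},
      "BTC": {"cold": Decimal("96"), "hot": Decimal("4")}}),
    ("T+2h",  # a credited deposit never reaches any custody wallet
     [Sweep("tx-0003", "BTC", Decimal("12"), "unknown-addr-1")],
     {"ETH": Decimal("1500"), "BTC": Decimal("112")},
     {"ETH": {"cold": Decimal("970"), "hot": Decimal("530")},
      "BTC": {"cold": Decimal("96"), "hot": Decimal("4")}}),
]


def evaluate(snapshot):
    """Run both checks on one snapshot and return the combined alert list."""
    _, sweeps, ledger, balances = snapshot
    return check_sweeps(sweeps) + reconcile(ledger, balances)


def first_alert(snapshots, severity):
    """Label of the earliest snapshot raising an alert of this severity, else None."""
    for snap in snapshots:
        if any(sev == severity for sev, _, _ in evaluate(snap)):
            return snap[0]
    return None


if __name__ == "__main__":
    for snap in SNAPSHOTS:
        for sev, subject, message in evaluate(snap):
            print(f"{snap[0]} {sev:4} {subject}: {message}")
```

Run on a schedule against the exchange's own ledger and node data, the routing check fires as soon as sweeps stop reaching cold storage, before any shortfall appears in the reconciliation.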

What Happened

Between May 9th and May 12th, 2016, funds sent to Gatecoin were diverted to an external wallet controlled by an attacker.

Key Event Timeline - Gatecoin Hack
Date Event Description
January 30th, 2015 4:10:26 AM MST Segregated Bank Account Launch CoinTelegraph announces that Hong Kong-based Gatecoin Limited has launched a new Bitcoin exchange with stringent security measures, including segregated client bank accounts, multi-signature cold storage, and continuous monitoring and audit by an external IT security firm[7]. Segregated bank accounts ensure that clients' funds are kept separate from operational expenses, minimizing counterparty risks. Gatecoin CEO Aurélien Menant emphasized the rarity of this practice in the crypto space, stating that it dramatically reduces risks for clients[7]. The company, operating with a Hong Kong Money Service Operator license and complying with AML/KYC rules, has secured a unique banking structure due to its regulatory compliance[7]. Gatecoin offers trading in Bitcoin against USD, Euro, and HKD, with plans to integrate Ripple into its platform soon. Additionally, it is introducing a white-labeled debit card, usable worldwide without foreign transaction fees, reloadable with bitcoins online instantly[7]. Gatecoin aims to expand its services to the US and Europe, focusing on obtaining necessary licenses and developing innovative trading services and payment methods to enhance customer experience[7].
May 9th, 2016 1:38:25 AM MDT Bitcoin Transaction One of the bitcoin transactions involved in the theft for 12 BTC[10].
May 9th, 2016 4:01:19 AM MDT Bitcoin Transaction One of the bitcoin transactions involved in the theft for 1 BTC[11].
May 9th, 2016 5:29:24 AM MDT Bitcoin Transaction One of the bitcoin transactions involved in the theft for 200 BTC[12].
May 9th, 2016 12:14:07 PM MDT Bitcoin Transaction One of the bitcoin transactions involved in the theft for 45.6 BTC[13].
May 9th, 2016 12:23:11 PM MDT Bitcoin Transaction A smaller bitcoin transaction involved in the theft for 6.18 BTC[14].
May 9th, 2016 12:38:16 PM MDT Bitcoin Transaction A smaller bitcoin transaction involved in the theft for 2.12 BTC[15].
May 9th, 2016 1:54:26 PM MDT Palantine King Downtime Post Palantine King posts on their website noting that Gatecoin, a significant player in DGD trading volumes which they actively trade, abruptly went offline after displaying a maintenance page for an hour[16]. Despite calls for tweet updates during the maintenance, none were provided, fueling speculation of a hack[16]. While the hack remains unconfirmed, early indicators suggest it as a likely scenario[16]. Given Gatecoin's substantial role in DGD trading, the incident could have significant consequences for DGD's price, particularly if hackers engage in unbalanced selling[16]. The situation is unfolding, and further updates are awaited[16].
May 9th, 2016 2:30:43 PM MDT Reddit Downtime Discussion Palantine King posts their concerns about the Gatecoin downtime on Reddit[17]. One user expressed that they are also having trouble with a withdrawal which hasn't come through yet[17].
May 9th, 2016 Breach Begin The reported date that that breach began[18] at "late night HKT"[8]. There was a "disruption of [the Gatecoin] service caused by a server reboot"[8]. They "strongly believe that the breach is linked to this event"[8].
May 10th, 2016 10:04:00 AM MDT Palantine King False Alarm Palantine King posts the final update to their website, concluding that there was no problem with the Gatecoin exchange other than a temporary server outage, based largely on official information received from Gatecoin[16].
May 12th, 2016 Breach Ended The reported date that the breach ended on "Thursday evening HKT"[8].
May 13th, 2016 Cited Date The date of the hack cited by Kyle Gibson[19]. On "Friday night HKT" is when the team "detected some suspicious transactions and immediately suspended [thei]r services to investigate"[8].
May 13th, 2016 4:50:00 PM MDT CoinDesk Article Released CoinDesk reports that Gatecoin faces turmoil after reportedly experiencing a hack, resulting in losses from its connected wallets[20]. CEO Aurélien Menant confirmed the incident and assured users of efforts to refund customers affected by the breach[20]. Users are faced with uncertainty and concern regarding the security of their funds[20]. Gatecoin's assurance of conducting a full forensic investigation to identify the root cause of the issue is a positive step, but the timeline for resolution and the extent of the losses remain unclear[20].
May 14th, 2016 5:22:56 AM MDT Official Statement Released On Reddit In a Reddit post, Gatecoin confirmed a breach of its system resulting in the loss of 15% of its crypto-asset deposits, valued at approximately $2 million[8]. The breach occurred between May 9 and May 12, 2016, with suspicious transactions detected on May 13 prompting the suspension of services. Despite storing most funds in multi-signature cold wallets, hackers bypassed this security measure, diverting ETH and BTC deposits to hot wallets during the breach. Gatecoin plans to release a platform for clients to withdraw remaining funds by May 28, 2016, with the exact date for ETH withdrawals pending confirmation. The exchange assures the security of DGD, REP, and DAO funds, while working to raise additional funds to reimburse affected customers. Gatecoin expresses gratitude for community support and pledges to provide updates via Twitter, Reddit, and its homepage[8].
May 14th, 2016 5:37:00 AM MDT Official Statement On Twitter and Homepage An update is provided on Twitter, which links to the Gatecoin homepage as an official statement about the hack[21]. The Gatecoin homepage is later captured providing an official statement about the breach. Loss figures are provided as 15% of its crypto-asset deposits, totaling ETH 185,000 and BTC 250 (equivalent to USD 2 million) between May 9 and May 12, 2016[22]. The breach occurred due to a system alteration that allowed ETH and BTC deposits to bypass multi-signature cold storage and go directly to the hot wallet[22]. The compromised wallet addresses and Bitcoin transactions have been identified[22]. Gatecoin suspended its services upon detecting suspicious transactions and is working with Tehtri Security to investigate the breach thoroughly[22]. A platform enabling clients to withdraw remaining funds in various currencies will be released, and efforts are underway to raise additional funding to cover losses and reimburse affected customers[22]. Gatecoin expresses gratitude for the community's support and pledges to provide updates through various channels[22].
May 16th, 2016 3:11:00 AM MDT Gatecoin on Withdrawal Of REP Tweet A Gatecoin agent account responds to a customer inquiry about the ability to withdraw the REP tokens from their account[23]. They note that they are planning to build a custom interface to facilitate these withdrawals by March 28th[23].
May 16th, 2016 10:27:00 AM MDT CoinDesk Article On Breach CoinDesk reports that Gatecoin has disclosed the cyberattack on its hot wallets, with the loss of funds estimated at $2 million[18]. The breach, believed to have begun on May 9th and continued for three days, led to the theft of 185,000 ethers and 250 bitcoins. Gatecoin acknowledged that its security measures, including multi-signature cold wallets, were compromised, allowing funds to bypass cold storage and go directly to hot wallets during the breach. The incident coincided with TheDAO's crowdsale, raising concerns about the security of Ethereum-based tokens[18]. Gatecoin plans to establish a portal for withdrawing DAO-related tokens in two weeks but did not specify a timeline for processing bitcoin and ether withdrawals[18].
May 18th, 2016 9:50:02 AM MDT Homepage 404 Error The present homepage is captured displaying a 404 error[24].
May 20th, 2016 1:36:34 AM MDT Update Post Made Gatecoin provides an update regarding the hot wallet breach investigation, fund withdrawals, and frequently asked questions (FAQ) through Reddit and Twitter[25][26]. The company expresses sincere apologies for the breach and appreciates the patience of clients and the community[26]. Notably, client data remains safe, and the investigation is ongoing with cooperation from authorities[26]. Progress has been made in fundraising efforts, aiming to reimburse stolen ETH and BTC funds[26]. Gatecoin offers a bounty for the return of stolen funds and addresses various user concerns through the FAQ section, promising updates on withdrawal availability, DGD token safety, and exchange relaunch plans[26]. CEO Aurélien Menant signs off with gratitude for continued patience and understanding from users[26].
May 28th, 2016 4:31:00 AM MDT Withdrawal Platform Update Post Made The original Reddit announcement promised a withdrawal site would be made available on May 28th[8]. The promised withdrawals were for remaining funds in BTC, DAO, DGD, REP, USD, EUR and HKD[8]. Gatecoin provides a comprehensive update on several key aspects of their recovery plan, including the securing of The DAO tokens, launch of the withdrawal platform, status of ETH funds, REP withdrawals, and plans for re-launching the exchange[27][28]. All DAO tokens have been secured for withdrawals, and clients can now withdraw their funds in various currencies[27]. The exchange is finalizing a funding agreement to cover stolen ETH funds, facilitating withdrawals pending cash exchange from the bond[27]. REP withdrawals are awaiting transfers to be enabled on the Augur network[27]. Gatecoin's re-launch is contingent upon resolving withdrawal issues[27]. The update also includes a detailed FAQ on using the withdrawal platform and addresses concerns about fund security and exchange re-launch[27]. CEO Aurélien Menant expresses gratitude for the community's patience and support during this challenging period[27].
June 20th, 2016 2:07:35 AM MDT Freezing Ethereum Wallets A Reddit thread discusses freezing the hacker's ethereum wallet addresses, since they are known at the time[29].
September 15th, 2017 Gatecoin Banking Freeze Gatecoin bank accounts are frozen without prior notice being provided[30]. Details about the suspension were not provided in a phone call the exchange received from a Hang Seng Bank representative at the time[31].
November 20th, 2017 4:46:00 AM MST CoinTelegraph Banking Freeze Report CoinTelegraph reports on Gatecoin losing its banking services[30]. Despite the surge in customer base and Bitcoin price rally, Gatecoin experienced a banking freeze in September without prior notice, forcing it to seek foreign banking support to continue operations[30]. This incident highlights the challenges faced by cryptocurrency businesses in accessing banking services, with many relying on foreign banks to operate amidst domestic restrictions[30]. Additionally, the resistance from Hong Kong's banking sector contrasts with its interest in blockchain technology, as evidenced by the participation of twenty local banks in a trade network with Singapore utilizing blockchain[30].
March 2nd, 2019 11:00:14 PM MST Bloomberg Banking Services Issues Using Gatecoin as an example, Bloomberg reports that crypto companies are facing challenges in accessing basic banking services from mainstream institutions like HSBC and JPMorgan Chase, despite attracting investments from large institutions[32]. This issue persists globally, from New York to Hong Kong, hindering the growth and development of the digital-assets industry[32].
March 13th, 2019 12:26:16 PM MDT Reddit Thread On Bankruptcy A Reddit thread discusses a liquidation of Gatecoin[33]. Users are frustrated and unable to access their funds[33]. Some users suspect foul play, while others scramble to recover whatever they can[33]. The situation sparks a mix of anger, desperation, and a few glimmers of hope for resolution[33].
March 14th, 2019 8:50:00 AM MDT CoinTelegraph Article On Bankruptcy CoinTelegraph reports that following ongoing banking problems and a tumultuous history marked by a major hack in May 2016, Hong Kong-based cryptocurrency exchange Gatecoin has been ordered to undergo compulsory liquidation[34]. The exchange, which lost around $2 million in cryptocurrencies during the hack, announced its winding-up order on March 13, leading to an immediate cessation of operations. Gatecoin attributed its financial difficulties to issues with a Payment Service Provider (PSP), which it claimed failed to process transfers promptly, causing substantial losses and ultimately rendering the exchange unable to sustain its operations[34]. Despite efforts to recover funds and mitigate losses, Gatecoin's struggles persisted, leading to its final liquidation[34].
March 14th, 2019 7:00:17 PM MDT CoinDesk Article On Bankruptcy CoinDesk reports that Hong Kong-based cryptocurrency exchange Gatecoin is set to cease operations and enter liquidation following a prolonged struggle to recover funds lost amid a dispute with a former payment services provider[35]. The announcement, made via the company's website, cited ongoing banking issues since September 2018 as a primary reason for the shutdown[35]. Despite efforts to resume operations with alternative processors and banks, Gatecoin faced insurmountable challenges, leading to a court order to wind up immediately[35]. The exchange assured customers of its intent to distribute remaining assets to creditors but left uncertainties regarding reimbursement for those affected by the 2016 cyberattack that resulted in the loss of significant cryptocurrency holdings[35].
April 1st, 2019 2:45:11 AM MDT TheNextWeb Article TheNextWeb reports on Gatecoin has finally met its demise as liquidators take control of the company after facing a series of hacking incidents and banking troubles[4]. Established in 2013 in Hong Kong, Gatecoin primarily focused on Bitcoin and Ethereum markets. However, in 2016, it suffered a significant loss of 185,000 ETH and 250 BTC due to a hack on its hot wallets, followed by banking disruptions in 2017 when its Hong Kong-based accounts were frozen[4]. With the appointment of official liquidators, Gatecoin's journey comes to a definitive end, marking the closure of one of the pioneering exchanges in the cryptocurrency landscape[4].

Technical Details

The breach occurred due to a system alteration that allowed ETH and BTC deposits to bypass multi-signature cold storage and go directly to the hot wallet[22].
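One way to catch this kind of rerouting early, as an added example (not Gatecoin's code and not part of the original page): check every deposit sweep against an allow-list of cold-storage addresses, compare each asset's hot-wallet share with the 5% limit Gatecoin says it imposed on its hot wallets, and reconcile on-chain holdings against the customer ledger. All function names, addresses and amounts are constructed for illustration.

```python
from dataclasses import dataclass
from decimal import Decimal

# The 5% hot-wallet limit is the figure from Gatecoin's statement; everything
# else here (names, addresses, amounts) is constructed for illustration.
HOT_WALLET_CAP = Decimal("0.05")


@dataclass(frozen=True)
class Sweep:
    """A transfer that forwards a customer deposit out of its deposit address."""
    asset: str
    amount: Decimal
    destination: str


def audit_sweeps(sweeps, cold_addresses, hot_addresses):
    """Flag every deposit sweep that did not land in approved cold storage."""
    alerts = []
    for s in sweeps:
        if s.destination in cold_addresses.get(s.asset, set()):
            continue  # expected routing: deposit went to multisig cold storage
        if s.destination in hot_addresses.get(s.asset, set()):
            reason = "deposit swept to hot wallet, bypassing cold storage"
        else:
            reason = "deposit swept to an address the exchange does not own"
        alerts.append((s.asset, s.amount, s.destination, reason))
    return alerts


def hot_wallet_breaches(balances, cap=HOT_WALLET_CAP):
    """Return {asset: hot share} for assets whose hot share exceeds the cap.

    balances maps asset -> (hot_balance, cold_balance), as read from the chain.
    """
    breaches = {}
    for asset, (hot, cold) in balances.items():
        total = hot + cold
        if total > 0 and hot / total > cap:
            breaches[asset] = (hot / total).quantize(Decimal("0.0001"))
    return breaches


def reconcile(ledger_liabilities, balances):
    """Return {asset: shortfall} where on-chain holdings are below what the
    internal ledger says customers are owed."""
    shortfalls = {}
    for asset, owed in ledger_liabilities.items():
        hot, cold = balances.get(asset, (Decimal(0), Decimal(0)))
        if hot + cold < owed:
            shortfalls[asset] = owed - (hot + cold)
    return shortfalls


# --- constructed sample data ------------------------------------------------
COLD = {"ETH": {"cold-eth-multisig"}, "BTC": {"cold-btc-multisig"}}
HOT = {"ETH": {"hot-eth-1"}, "BTC": {"hot-btc-1"}}

SWEEPS = [
    Sweep("ETH", Decimal("1200"), "cold-eth-multisig"),    # expected routing
    Sweep("ETH", Decimal("900"), "hot-eth-1"),             # altered routing
    Sweep("BTC", Decimal("3.5"), "unrecognised-address"),  # left the exchange
]
BALANCES = {  # asset -> (hot, cold)
    "ETH": (Decimal("900"), Decimal("5100")),
    "BTC": (Decimal("4"), Decimal("96")),
}
LEDGER = {"ETH": Decimal("6000"), "BTC": Decimal("103.5")}

if __name__ == "__main__":
    for alert in audit_sweeps(SWEEPS, COLD, HOT):
        print("ROUTING", alert)
    print("HOT CAP", hot_wallet_breaches(BALANCES))
    print("SHORTFALL", reconcile(LEDGER, BALANCES))
```

Run on a schedule against chain data, the routing check fires on the first misdirected sweep, while the cap and reconciliation checks catch the accumulated effect even if the routing check itself has been tampered with.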

Breach Of Multi-Signature Systems

[18]

"We have previously communicated the fact that most clients’ crypto-asset funds are stored in multi-signature cold wallets. However, the malicious external party involved in this breach, managed to alter our system so that ETH deposit transfers by-passed the multi-sig cold storage and went directly to the hot wallet during the breach period. This means that losses of ETH funds exceed the 5% limit that we imposed on our hot wallets."

Wallets Used By Thief

The forensic examination identified several wallets and transactions which were involved in the theft[8]:


Total Amount Lost

On May 14th, Gatecoin announced that the losses were 15% of their client funds with a total of 185,000 ETH and 250 BTC reported[8]. News sources such as CoinDesk and TheNextWeb reported the full loss amount[18][4].

Kyle Gibson reported the amount as only 250 bitcoin, with an estimated value of $2,500,000 USD[19]. The theft of any Ethereum amount was not mentioned in his report[19].

Gatecoin stated that the lost cryptocurrency was "equivalent to USD 2 million" in their Reddit post[8]. According to CoinTelegraph, the amount lost "during the hack" was "around $2 million in cryptocurrencies"[34]. CoinDesk estimated that amount as $2.14m at "press time"[18].

Table Of Reported Theft Transactions
| BTC | Transaction | Wallet |
|---|---|---|
| 12 | d494c7ca3a03f30c121b02f558b068d3597092454ad325bc320383f070d536bc | 132ymu2ufMP3mDCo9qwKc173PV2Bbm4T2g |
| 1 | 90622fc9968b79c90a9ac26f11d13d8dd97ba5b7e9c103594873e6306f7357ea | 132ymu2ufMP3mDCo9qwKc173PV2Bbm4T2g |
| 200 | 2f41b858712149df089c21d4e1c036e0a465335c5a29be38df8e945a51e4d809 | 1HnJry8tmN4BW5UFqYR8L4xWgtJZ7ghExU |
| 45.6 | 4a1b96b166de37860195af37b6396a0516b009536e0f332006ca61b4fab0cd08 | 1342a001544b8b7ae4a5d374e33114c66d78bd5f |
| 6.18 | 271c51ff2e6c84c565c94d79872a79d77726fccd47192b6c8f6745f7482e281a | 132ymu2ufMP3mDCo9qwKc173PV2Bbm4T2g |
| 2.12 | 435e0cc79372eef5f43d8d81320940165ea1a0828adab3fdb9822a17caffaf2b | 132ymu2ufMP3mDCo9qwKc173PV2Bbm4T2g |

The total amount lost has been estimated at $2,500,000 USD.

Immediate Reactions

Gatecoin promptly shut down its exchange and ports after suspecting a potential leak in its hot wallets and started an investigation[20]. Gatecoin communicated with its users through various channels, including Slack and Twitter[20]. CEO Aurélien Menant provided updates via Slack, informing users about the incident and the measures being taken to address it[20]. Gatecoin provided updates on the status of its website through Twitter, informing users about the high risk of a leak in some of its hot wallets and the decision to take the website offline as a precautionary measure[20].

Forensic Security Examination

The platform initiated a full forensic investigation to identify the root cause of the issue and determine the extent of the breach[20]. Gatecoin involved the services of third party Tehtri Security to conduct a forensic examination[8].

CoinDesk Article and Statement

CoinDesk was one of the first to report on the hack[20]. Gatecoin issued a statement to CoinDesk, acknowledging the suspected leak in its hot wallets and the decision to shut down the exchange and ports as a precautionary measure[20]. The statement outlined the ongoing forensic investigation and the exchange's commitment to minimizing further potential losses[20].

"News emerged last week of yet another security event in the digital currency exchange ecosystem, this time impacting a Hong Kong-based service involved in the sale of assets related to Ethereum-based decentralized autonomous organizations (DAOs). As reported on Friday, Gatecoin experienced a cyberattack on its hot wallets that resulted in the loss of funds. A new update from the exchange team indicated that as much as $2m was lost, confirming rumors that circulated soon after the hack became apparent."[19]

Updates To Homepage

An update was provided on the Gatecoin homepage. It highlighted the loss of 15% of its crypto-asset deposits, totaling USD 2 million in Ethereum and Bitcoin, between May 9 and May 12, 2016[22]. This breach was attributed to a system alteration that allowed deposits to bypass multi-signature cold storage and go directly to the hot wallet[22]. In response, Gatecoin suspended its services, initiated a forensic investigation with Tehtri Security, and identified the compromised wallet addresses and Bitcoin transactions[22]. To mitigate the impact on users, Gatecoin plans to release a bespoke platform for fund withdrawals and is working to raise additional funding to cover losses and reimburse affected customers[22]. They express gratitude for the community's support and pledge to provide updates through various communication channels[22]. The homepage later appeared to be offline with a 404 error[24].

Official Statement On Reddit

On May 14th, a day after noticing the suspicious transactions and shutting down their services, Gatecoin issued a public statement through Reddit[8].

The Gatecoin team greatly appreciates the patience of all users and stakeholders while we work with Tehtri Security to confirm all of the details related to the breach and ensure that our systems can be moved to a new, clean, thoroughly tested, and monitored infrastructure before services can resume.

We sincerely apologize for all the concern experienced by our clients and for the inconvenience caused while clients wait for their fund withdrawals to be processed. Gatecoin would also like to express our gratitude to the community of exchanges that have very kindly volunteered to help identify the parties responsible for the stolen funds.

Ultimate Outcome

Gatecoin emphasized regulatory compliance and security, offering segregated client accounts and employing industry-standard security measures after a 2016 hack[2]. Gatecoin experienced significant banking disruptions in 2017, and ultimately entered bankruptcy in 2019. The exchange is remembered in various historical records.

May 20th Update Provided

On May 20th, Gatecoin provided a further update for users via Reddit[26] and Twitter[25]. They again expressed sincere apologies to clients and the community while detailing ongoing efforts to secure funds and compensate affected users[26]. They assured that all client data remains safe and secure, with an ongoing investigation in collaboration with law enforcement agencies[26]. Gatecoin has returned all deposits made after the service suspension, made significant progress in fundraising, and offered a bounty for the return of stolen funds[26]. They addressed FAQs regarding withdrawals, the safety of DGD tokens, fiat currency withdrawals, and the timeline for relaunching the exchange[26]. Regular updates will be provided via Twitter, Reddit, and email, with major updates shared on their homepage[26]. CEO Aurélien Menant expressed gratitude for patience and understanding during this challenging time[26].

May 28th Update Provided

Gatecoin provides a further update on Reddit[27]. Since the previous update, several significant changes and developments have occurred:

  1. Securing The DAO tokens: Gatecoin has successfully secured all DAO tokens for withdrawals following the end of The DAO creation phase[27].
  2. Launch of Withdrawals Platform: The withdrawal platform has been launched, allowing clients to withdraw their funds in various currencies, including BTC, DGD, DAO, HKD, USD, and EUR[27].
  3. Status of ETH Fund Withdrawals: Gatecoin is in the final stages of receiving funding to cover stolen ETH funds. Once fully received, they will exchange the cash for ETH to facilitate ETH withdrawals within the next two weeks[27].
  4. Gatecoin USD 3 million Bond: Gatecoin is issuing a USD 3 million bond to ensure speedy reconciliation for the stolen ETH funds. Several investors are participating in the bond sale[27].
  5. Status of REP Withdrawals: REP withdrawals are pending transfers to be enabled on the Augur network, with updates expected soon[27].
  6. Re-launch of Gatecoin Exchange: Gatecoin's re-launch is still pending, with the focus remaining on resolving withdrawal issues and ensuring fund security. The exact date of the re-launch is yet to be confirmed[27].

Overall, significant progress has been made in securing funds, launching the withdrawal platform, and finalizing arrangements for covering stolen ETH funds. However, the exchange is still working on resolving certain technical challenges and awaiting further developments before re-launching the platform[27].

Once again, we would like to express our sincere gratitude to all our clients and the community for your patience and support over the last two weeks.

This unfortunate and unexpected breach has been a major setback for us, and looked to destroy everything we’ve worked hard to build over the last three years.

We are aware of the long term costs this breach will have on our reputation and your trust in our service and appreciate your frustrations and concerns over the status of your fund withdrawals since the breach occurred. We hope that today’s news will encourage you to regain some confidence in us.

Banking Disruptions in 2017

Gatecoin experienced banking disruptions in September 2017[31] when its Hong Kong-based bank accounts at Hang Seng Bank[31] were frozen[4] without any prior notice[30]. The bank representative who phoned with the news was not able to provide details about the suspension at the time[31]. The exchange subsequently moved to use a foreign bank based in Singapore[30][31].

Exchange Enters Bankruptcy

Hong Kong-based cryptocurrency exchange Gatecoin was reportedly ordered to undergo compulsory liquidation on March 13th, 2019, although the court issuing the order was not specified[35][34]. The exchange announced its winding-up order on March 13, leading to an immediate cessation of operations[34]. Gatecoin attributed its financial difficulties to issues with a Payment Service Provider (PSP), which it claimed failed to process transfers promptly, causing substantial losses and ultimately rendering the exchange unable to sustain its operations[34]. TheNextWeb reported on April 1st that Gatecoin had finally met its demise as liquidators take control of the company after facing a series of hacking incidents and banking troubles[4]. Despite efforts to recover funds and mitigate losses, Gatecoin's struggles persisted, leading to its final liquidation[34]. With the appointment of official liquidators, Gatecoin's journey comes to a definitive end, marking the closure of one of the pioneering exchanges in the cryptocurrency landscape[4].

CoinDesk reports that Hong Kong-based cryptocurrency exchange Gatecoin is set to cease operations and enter liquidation following a prolonged struggle to recover funds lost amid a dispute with a former payment services provider. The announcement, made via the company's website, cited ongoing banking issues since September 2018 as a primary reason for the shutdown[35]. Despite efforts to resume operations with alternative processors and banks, Gatecoin faced insurmountable challenges, leading to a court order to wind up immediately[35]. The exchange assured customers of its intent to distribute remaining assets to creditors but left uncertainties regarding reimbursement for those affected by the 2016 cyberattack that resulted in the loss of significant cryptocurrency holdings[35].

Inclusion On Hack Lists

The attack was included on lists put together by Kyle Gibson[19], BitcoinExchangeGuide.com[36], and SlowMist[37].

Total Amount Recovered

Gatecoin reassured users from the start that it would seek to refund customers following the loss[20]. While the CEO initially indicated uncertainties regarding the exact amount of funds taken, Gatecoin affirmed its intention to refund affected users[20].

Ongoing Developments

The Gatecoin platform declared bankruptcy in 2017.

Individual Prevention Policies

When using any third party custodial platform (such as for trading), it is important to verify that the platform has a full backing of all assets, and that assets have been secured in a proper multi-signature wallet held by several trusted and trained individuals. If this can't be validated, then users should avoid using that platform. Unfortunately, most centralized platforms today still do not provide the level of transparency and third party validation which would be necessary to ensure that assets have been kept secure and properly backed. Therefore, the most effective strategy at present remains to learn proper self custody practices and avoid using any third party custodial platforms whenever possible.

Store the majority of funds offline. Offline means that the private key and/or seed phrase is held exclusively by you and is not connected to any networked device. Examples of offline storage include paper wallets (seed phrase or key written down and deleted from all electronic media), hardware wallets, steel wallet devices, etc.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

All aspects of any platform should undergo a regular validation/inspection by experts. This validation should include a security audit of any smart contracts, reporting any risks to the backing of any customer assets, ensuring treasuries or minting functions are properly secured under the control of a multi-signature wallet, and finding any inadequacies in the level of training or integrity of the team. The recommended interval is twice prior to launch or significant system upgrade, once after 3 months, and every 6 months thereafter. It is recommended that the third party performing the inspection not be repeated within a 14 month period.

Work with other industry platforms to set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

All platforms should undergo published security and risk assessments by independent third parties. Two assessments are required at founding or major upgrade, one after 3 months, and one every 6 months thereafter. The same third party must not be repeated within a 14 month period. A risk assessment needs to include what assets back customer deposits and the risk of default from any third parties being lent to. The security assessment must include ensuring a proper multi-signature wallet, and that all signatories are properly trained. Assessments must also cover social media, database, and DNS security.

Set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services within the country, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. https://twitter.com/search?q=(from%3AGatecoin)%20until%3A2016-06-01%20since%3A2016-05-06&src=typed_query
  2. Gatecoin Review - Unblock.net (Accessed Apr 26, 2024)
  3. Gatecoin: A regulated bitcoin and ethereum token exchange - Fintastico (Accessed Apr 26, 2024)
  4. Liquidators put the final nail in Gatecoin’s coffin - TheNextWeb (Feb 3, 2020)
  5. Gatecoin Exchange - SideProjectors (Accessed Apr 26, 2024)
  6. Gatecoin Homepage Archive May 5th, 2016 6:39:51 AM MDT (Accessed Apr 18, 2024)
  7. Gatecoin Launches Bitcoin Exchange with ‘Segregated Bank Accounts’ - CoinTelegraph
  8. OFFICIAL STATEMENT REGARDING GATECOIN HOT WALLET BREACH - Reddit (Accessed Apr 2, 2024)
  9. Screenshot Of Gatecoin Interface (Accessed Apr 26, 2024)
  10. Theft Transaction Of 12 BTC - Blockchain.com (Accessed Apr 17, 2024)
  11. Theft Transaction Of 1 BTC - Blockchain.com (Accessed Apr 17, 2024)
  12. Theft Transaction Of 200.00000000 BTC - Blockchain.com (Accessed Apr 17, 2024)
  13. Theft Transaction Of 45.60000000 BTC - Blockchain.com (Accessed Apr 17, 2024)
  14. Theft Transaction Of 6.18 BTC - Blockchain.com (Accessed Apr 17, 2024)
  15. Theft Transaction Of 2.12 BTC - Blockchain.com (Accessed Apr 17, 2024)
  16. Gatecoin hacked - Palantine King Archive May 12th, 2016 2:54:27 PM MDT (Accessed Apr 24, 2024)
  17. Paletine King - Gatecoin hacked? - Reddit (Accessed Apr 24, 2024)
  18. Gatecoin Claims $2 Million in Bitcoins and Ethers Lost in Security Breach - CoinDesk
  19. 100 Crypto Thefts: A Timeline of Hacks, Glitches, Exit Scams, and other Lost Cryptocurrency Incidents - Kyle Gibson (Jan 25, 2020)
  20. Digital Currency Exchange Gatecoin Offline After Loss of Funds - CoinDesk (Accessed Apr 23, 2024)
  21. Gatecoin - "SERVICE UPDATE: Official Statement Regarding Gatecoin Hot Wallet Breach. Read here" - Twitter (Accessed Apr 24, 2024)
  22. Gatecoin Homepage Official Statement Archive May 14th, 2016 9:09:20 AM MDT (Accessed Apr XX, 2024)
  23. Gatecoin - "we will build a custom platform for REP, DAO, DGD and fiat withdrawals for release on or before May 28." - Twitter (Accessed Apr 23, 2024)
  24. Gatecoin Homepage Archive May 18th, 2016 9:50:02 AM MDT (Accessed Apr 18, 2024)
  25. Gatecoin - Update on Gatecoin Hot Wallet Breach Investigation, Fund Withdrawals & FAQ - Twitter (April 25th, 2024)
  26. Update on Gatecoin Hot Wallet Breach Investigation, Fund Withdrawals & FAQ (May 20, 2016) - Reddit (Accessed Apr 25, 2024)
  27. Update: Launch of Withdrawal Platform & Status of ETH Funds (May 28, 2016) - Reddit (Accessed Apr 26, 2024)
  28. Gatecoin - "Update: Launch of Withdrawal Platform & Status of ETH Funds (May 28, 2016)" - Twitter (Accessed Apr 26, 2024)
  29. gatecoin's hacked ether addresses are known, do we freeze them too? - Reddit (Accessed Apr 23, 2024)
  30. Banks Shun Bitcoin In Hong Kong, Businesses Seek Foreign Help - CoinTelegraph (Accessed Apr 8, 2024)
  31. Hong Kong’s bitcoin businesses suffer after local bank accounts frozen - SCMP (Accessed Apr 8, 2024)
  32. Why Crypto Companies Still Can’t Open Checking Accounts - Bloomberg (Accessed Apr 23, 2024)
  33. kuilef - "gatecoin liquidated :(" - Reddit (Accessed Apr 23, 2024)
  34. Previously Hacked Gatecoin Exchange Receives Liquidation Order Following Banking Problems - CoinTelegraph (Feb 3, 2020)
  35. Gatecoin Crypto Exchange to Shut Down on Court’s Orders - CoinDesk (Feb 3, 2020)
  36. Bitcoin Scams and Cryptocurrency Hacks List - BitcoinExchangeGuide.com (Mar 5, 2020)
  37. SlowMist Hacked - SlowMist Zone (Jun 26, 2021)