2gether Hacked

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Revision as of 11:38, 25 January 2023 by Azoundria

Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' section to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.


The 2gether platform refused to disclose the source of the breach of funds, which would suggest that they felt it would impact their credibility.

Typical problems are funds in the hands of one person, or stored in an online system.

The platform has attempted to reimburse all affected users; however, the reimbursement falls short of the appreciation of the crypto assets, so affected users are still short by some amount.

This exchange or platform is based in Spain, or the incident targeted people primarily in Spain.

About 2Gether

"Founded in 2017, 2gether offers a cryptocurrency trading platform within the Eurozone for buying and selling without additional fees. The organization's native coin is the 2GT token, which is -- or, at least, was -- due to be issued during 2020 following a pre-sale in Spain." "2gether is a crypto trading app, in which traders and beginners buy and sell cryptocurrencies at real market price, without added fees, in just one click."

"On July 31, the trading platform was targeted by an unknown group of hackers. These hackers stole over 1.183 million Euros ($1.39M) from the service’s investment accounts in a cyberattack." The hacker "stole 114 BTC and 281 ETH" which "equates to 26.79% of overall funds." "[U]ser passwords were also compromised in the security breach, and it is recommended that users change them."

"“As you know, since last Friday July 31, we’ve been managing an extremely difficult situation which has brought us all a lot of uncertainty, caused by the hacking of a substantial part of all the cryptocurrencies available in the 2gether user accounts.” reads a security breach notification published by the company."

"In a stream of Twitter updates posted by 2together CEO Ramón Ferraz Estrada, the executive was keen to emphasize that general wallets and Euro accounts were not impacted, nor were the financial details of payment cards used to deposit funds." The CEO "pointed out that hackers did not steal the financial details of payment cards used to deposit funds."

"The company is also in the process of implementing security protocols on its platform to prevent another incident." "2together has not revealed how the security incident took place. An investigation is underway to find out how the cyberattackers managed to obtain access to the company's servers, as well as the full extent of the damage caused."

"After implementing several security measures at all levels, 2gether is in the process of hiring an independent auditor and expert in security matters to do an all-encompassing pentest of our system," Ramón Ferra, CEO at 2gether, told HackerNoon. "This will be done once every year and whenever a significant upgrade is made to the platform." "Other improvement measures include upgrading, insurance reinforcement, and increased resources on key risk management areas, including CISO, systems management, and DevOps." "The company did not share the technical details of the attack."

"The bad news is that according to the executives, the company does not have enough funds to refund its users." "As compensation for the stolen funds, the company offered customers its native 2GT token at a price equivalent to 5 cents each." "To cover the loss the team decided to use their 2GT token to reward all users. The token is valued at 5 cents, at the same price as the ICO (Initial Coin Offering), also because it is not listed anywhere and has no market value. For this reason, until it is released on the market, users only have tokens that are worthless and impossible to liquidate."

"The team sat down at a table with investors to reach an agreement, but this was not possible, as the platform does not have enough funds to cover the loss." Eventually, "2gether announced that it is taking an alternate approach to its breach. It is compensating its users to give back the cryptocurrency stolen from their accounts." ""We hope you can see these hard times and adverse events compensated soon, whether you decide to give us the vote of confidence we're asking you for or not," the team added."

"During the interview, Ferraz sent two messages: one for those awaiting the replenishment of funds and the other for those users who would be managing lawsuits. To the first group, he said that raising 1.2 million euros in a pandemic and in the midst of a difficult economic situation is “not easy at all because things take time.” The CEO mentioned that the outlook is more complicated due to the uptrend of the market."

"To the second group he said: «I am not thinking about that, I have not stolen anything from anyone, 2gether had the attack and we have assumed responsibility and we are working with the whole team to solve the problem. Anything other than to recoup losses seems to me to be time badly spent on my part. I think that is not the way for us to recover everything we have lost, my priority is not that. My priority is to be able to close the round »."

"Since the hack, 2gether CEO Ramón Ferraz Estrada said the firm had been working raising €1.2 million (US$1.5 million) to improve the company’s security and risk management, and to replenish the stolen funds." "To raise the capital to execute the plan, 2gether worked with the community, private investors, and partners to generate an equity crowdfunding round, which closed at the legal maximum of €1.5 million, 125 percent of its target." "In the end, 2gether managed to hit the regulated limit of €1.5 million, he said. The raise included voluntary conversion of some of the lost funds into shares and tokens." "The funds raised in the latest round will strengthen the company's security, risk management, and coverage model."

"Addressing customers in a Jan. 25 2021 letter, the CEO said that, due to the recent rise in the value of bitcoin (BTC, +11.87%) and ether (ETH, +26.53%), the company still cannot refund 100% of the stolen assets to 9% of users. However, roughly 5,000 users will receive full refunds of BTC and ETH that was not previously converted."

"2gether’s first move was to compensate 91 percent in the full, native crypto value that was lost at the time of the cyberattack, which is three times the value in euros that users lost at the time of the incident. For the remaining nine percent, 2gether is committed to compensating them with a package that is highly satisfactory. We are presently offering them the best compensation packages the company is able to provide, with a long-term goal of compensating the full value lost in the original cryptocurrency. We estimate that a full refund could take more time, but we always give freedom to our users to choose their best option."

"The remaining nine percent with the highest total value of crypto in their accounts are compensated with a solution that includes at least the value in euros at the time of the cyber-attack and, in most cases, exceeds that value." "Users in the nine percent cohort have two different options for compensation. They can accept 2gether's initial offer for the value of their lost assets in euros at the time of the attack or submit an appeal for a different compensation package." "Customers can choose to either accept or reject the proposal made by 2gether. If the users decide to reject the mentioned solution, the exchange asks them to give the company “more time to try recovering the total amount of funds as soon as possible.”" "[P]er a statement sent to news.Bitcoin.com, 2gether clarified that they’re “aiming to reimburse the full amount for everyone.”"


The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.

Include:

  • Known history of when and how the service was started.
  • What problems does the company or service claim to solve?
  • What marketing materials were used by the firm or business?
  • Audits performed, and excerpts that may have been included.
  • Business registration documents shown (fake or legitimate).
  • How were people recruited to participate?
  • Public warnings and announcements prior to the event.

Don't Include:

  • Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
  • Anything that wasn't reasonably knowable at the time of the event.

There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.

The Reality

This section is included if a case involved deception or information that was unknown at the time. Examples include:

  • When the service was actually started (if different than the "official story").
  • Who actually ran a service and their own personal history.
  • How the service was structured behind the scenes. (For example, there was no "trading bot".)
  • Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.

Key Event Timeline - 2gether Hacked

Date | Event | Description
July 31st, 2020 12:00:00 AM | First Event | This is an expanded description of what happened and the impact. If multiple lines are necessary, add them here.

Total Amount Lost

The total amount lost is unknown.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?

Ultimate Outcome

What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?

Total Amount Recovered

It is unknown how much was recovered.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

Prevention Policies

It is difficult to prevent an issue which cannot be identified. However, there is no documented case of an offline wallet being breached when multiple signatures of trained individuals are required to release the funds.

References

Crypto Hacks 2020: A Comprehensive List - ImmuneBytes (May 17)

Crypto Exchange 2gether Says It Can't Fully Reimburse 9% of Users After 2020 Hack - CoinDesk (May 23)

2gether hacked: €1.2m in cryptocurrency stolen, native tokens offered in exchange | ZDNet (May 23)

@monchoferraz Twitter (May 23)

@2gether_global Twitter (May 23)

2gether compensates for its crypto cyber-attack losses | Hacker Noon (May 23)

Hackers stole €1.2m worth of cryptocurrency from 2gether - Security Affairs (May 23)

Spanish Crypto Exchange 2gether Won't Reimburse All Stolen Funds From the 2020 Hack – Exchanges Bitcoin News (May 23)

Crypto Exchange 2Gether Says It Can't Fully Reimburse 9% of Users After 2020 Hack (May 23)

Crypto Exchange 2gether Says It Can’t Fully Reimburse 9% of Users After 2020 Hack (May 23)

2gether loses funds due to a hack - The Cryptonomist (May 23)

"Give back the bitcoins", 2gether users ask for speed after hack - Archyde (May 23)

2Gether Disclosed a Security Breach (May 23)

CipherTrace Cryptocurrency Crime and Anti-Money Laundering Report 2020 (Jun 19)

SlowMist Hacked - SlowMist Zone (Jun 25)