Throughout May 9-12th, the Hong Kong-based exchange Gatecoin’s hot wallet system was compromised. In an official statement, the company confirmed forum rumours of the site being hacked. The exchange estimates they lost a total of 185,000 ETH and 250 BTC the equivalent of roughly $2 million USD.
Gatecoin says it has started an initial forensic investigation with a cyber security firm called Tehtri Security. Throughout the mysterious event, the team has found a breach in the system and a loss of about 15% of the exchange’s crypto-assets. On May 13th, the company had noticed “suspicious” activity and immediately shut the server down. Gatecoin says on May 9th they had suffered from some “disruption of service” and believe the two events may be connected. The Hong Kong exchange confirm that most of the assets held within the institution are kept in cold storage. However, the attacker managed to bypass transfers taking place and reroute them. The company explains in the official statement:
“The malicious external party involved in this breach, managed to alter our system so that ETH and BTC deposit transfers by-passed the multi-sig cold storage and went directly to the hot wallet during the breach period. This means that losses of ETH funds exceed the 5% limit that we imposed on our hot wallets.”
The announcement has come from the CEO of Gatecoin Aurélien Menant and the company says they “greatly appreciate the patience.” They will continue investigating the case with operations shut down. This will continue until the Tehtri Security team thoroughly goes through every piece of evidence. As well as the cyber forensic investigation the exchange wants to “ensure that our systems can be moved to a new, clean, thoroughly tested, and monitored infrastructure before services can resume.”
A temporary platform is being designed to allow Gatecoin clients withdraw the remaining assets held in the exchange. This is hoped to be released by May 28th, 2016 and they will allow the withdrawals of the following tokens, BTC, DAO, DGD, REP, USD, EUR and HKD. Ether will most likely be a touch longer and withdrawal times are “yet to be confirmed.” The service had also been one of the facilitators for the DAO crowdfund. The CEO states that all DAO assets are secure and fiat accounts are safe as well. Gatecoin’s Aurélien Menant states:
“All DGD, REP and DAO funds are secure and Gatecoin has funded the DAO contracts for DAO token holders. 5% of all BTC funds were compromised in the breach, but 95% remain stored in multi-sig cold wallets along with the remaining crypto-assets. All fiat currency funds held in USD, EUR and HKD are secured in segregated client accounts and can be withdrawn by clients after May 28, 2016.”
Live Bitcoin News will keep our readers informed of any upcoming developments with this investigation. The addresses used by the hackers were identified and Gatecoin has revealed them publicly here. The company hopes to reimburse all customer losses as soon as possible and remain confident they will be operating again shortly.
Source: Gatecoin Images via: Gatecoin