Gatecoin, a Hong Kong-based digital currency startup that has cited segregated client accounts as a way to minimize exposure to risks, suffered a breach and lost 250 BTC and 185,000 ETH, 15% of its crypto asset deposits.
A cybersecurity firm, Tehtri Security, conducted a forensic investigation and confirmed the breach, Gatecoin announced in a statement by CEO Aurélien Menant posted on its website.
The breach took place between Monday, May 9, late night HKT, to Thursday evening HKT, 12 May 2016, the statement noted. The company noticed a disruption of service caused by a server reboot. The company said the breach is linked to this event.
On Friday HKT, May 13, Gatecoin detected suspicious transactions and immediately suspended its services to investigate.
Most clients’ asset funds are stored in multi-signature, cold wallets. However, the attacker managed to alter the system so that BTC and ETH deposit transfers bypassed the multi-signature cold storage and entered the hot wallet during the breach. The loss of ETH funds exceeded the 5% limit Gatecoin placed on its hot wallets.
The hot wallet breach resulted in a loss of 250 BTC and 185,000 ETH, the equivalent of $2 million USD. This represents 15% of the total crypto-asset deposits Gatecoin held.
Thus far, the forensic investigation identified the following wallet addresses used by the hackers:
The Gatecoin team is working with Tehtri Security to confirm all of the details related to the breach and ensure its systems can move to a new, clean, thoroughly tested and monitored infrastructure before services resume.
A bespoke platform designed to allow all Gatecoin clients to withdraw remaining funds in BTC, USD, EUR, DAO, DGD, REP and HKD will be released on May 28, 2016.
Gatecoin has not confirmed the exact date for withdrawals for clients’ ETH funds.
All DAO, REP and DGD funds are secure, the statement noted.
Gatecoin has funded the DAO contracts for DAO token holders.
Five percent of all Bitcoin funds were compromised in the breach. The remaining Bitcoin funds are stored in multi-signature cold wallets along with the remaining crypto-assets.
All fiat currency funds held in USD, EUR and HKD are secured in segregated client accounts. Clients can withdraw the funds after May 28, 2016.
Gatecoin is working to raise additional funding to cover the losses of BTC and ETH. The company hopes to reimburse all customers that have lost funds as soon as possible.
“We sincerely apologize for all the concern experienced by our clients and for the inconvenience caused while clients wait for their fund withdrawals to be processed,” Menant noted in his statement.
“Gatecoin would also like to express our gratitude to the community of exchanges that have very kindly volunteered to help identify the parties responsible for the stolen funds.”
Gatecoin will release updates on Reddit, Twitter and its homepage.
Featured image from Shutterstock.