GATECOIN

DESCRIPTION OF EVENTS

"News emerged last week of yet another security event in the digital currency exchange ecosystem, this time impacting a Hong Kong-based service involved in the sale of assets related to Ethereum-based decentralized autonomous organizations (DAOs). As reported on Friday, Gatecoin experienced a cyberattack on its hot wallets that resulted in the loss of funds. A new update from the exchange team indicated that as much as $2m was lost, confirming rumors that circulated soon after the hack became apparent."

Gatecoin was one of the first regulated digital asset exchanges. This didn’t stop the hack of 185,000 ETH and 250 BTC. According to a forensic analysis, the exchange may have been the victim of a man-in-the-middle attack. The malicious external party involved in this breach managed to alter their system so that BTC and ETH deposit transfers bypassed the multisig cold storage and went directly to the hacker’s hot wallet during the breach period. The company fired their CTO, managed to raise $500k in order to reopen, and ultimately repaid all customers. They were saved by maintaining large cold wallet reserves which appear to have been properly stored, and appear to have dealt with the issue transparently. Having hot wallet insurance would have further assisted with the recovery; however a system like Proof of Reserves or an automated alert system could have allowed the issue to be noted sooner.

Liquidators put the final nail in Gatecoin’s coffin (Feb 2)
Previously Hacked Gatecoin Exchange Receives Liquidation Order Following Banking Problems (Feb 2)
Gatecoin Crypto Exchange to Shut Down on Court’s Orders - CoinDesk (Feb 2)
100 Crypto Thefts: A Timeline of Hacks, Glitches, Exit Scams, and other Lost Cryptocurrency Incidents (Jan 24)
Bitcoin Scams and Cryptocurrency Hacks List - BitcoinExchangeGuide.com (Mar 4)
SlowMist Hacked - SlowMist Zone (Jun 25)

More case studies

ShapeShift
Three Thefts

Ethereum DAO
Reentrancy Attack