Cyber Incident Victim: Gatecoin
Date: May 2016
Location: Hong Kong
Summary
A Hong Kong-based cryptocurrency exchange suffered a cyber-heist in which approximately $2 million worth of digital assets, comprising Bitcoin and Ethereum, was stolen from its hot wallet following a server intrusion. The attackers kept their access to the network for several days until suspicious transactions triggered an immediate service shutdown. The stolen funds represented 15% of the exchange's total holdings; the remaining assets, secured in multi-signature cold wallets, were unaffected. The company identified and isolated the attackers' cryptocurrency addresses, collaborated with other exchanges to monitor fund movements, and announced plans to reimburse affected users while preparing to resume withdrawals.
Description
On May 9, 2016, Gatecoin, a Hong Kong-based cryptocurrency exchange, experienced a server intrusion that led to a multi-day breach. The initial compromise occurred late that evening when one of the company's servers unexpectedly rebooted. According to investigations conducted by the exchange's security team and external experts from Tehtri Security, the attackers maintained persistent access to Gatecoin's network from May 9 through May 12, gradually escalating their activities. The breach remained undetected until May 13, when administrators observed unauthorized transactions occurring through their platform. These suspicious activities prompted immediate action, with Gatecoin suspending all services within hours of detection to contain the incident.

Forensic analysis revealed the attackers had compromised the exchange's hot wallet infrastructure, which held cryptocurrency reserves for processing customer transactions. The breach resulted in the theft of 250 Bitcoin (valued at approximately $114,500) and 185,000 Ethereum (worth about $1,850,000), totaling $2 million in losses. Gatecoin confirmed that cold wallet storage systems utilizing multi-signature security protocols remained unaffected, protecting the majority of customer funds. The stolen assets represented approximately 15% of the exchange's total holdings. In response, Gatecoin identified and published six Bitcoin and four Ethereum wallet addresses used by the attackers to exfiltrate funds, while other cryptocurrency exchanges volunteered to monitor blockchain activity associated with these addresses. The company announced plans to reimburse affected users and scheduled the resumption of withdrawal services for May 28, 2016, following system security enhancements.
