Cyber Incident Victim: Gelt Finance, Inc.
Date: Jul 2022
Location: United States of America
Summary
Gelt Finance, Inc. experienced unauthorized access to its IT network, compromising sensitive user data including names, email addresses, salted password hashes, government-issued identification images, financial transaction histories, bank names, and copies of bank statements. The company responded by isolating the affected server, migrating operations to backup infrastructure, rotating third-party API keys, and engaging external cybersecurity experts to investigate the incident. Affected individuals were notified following confirmation of the breach, though no evidence of data exfiltration was identified. The non-custodial DeFi platform, which converts user deposits to stablecoins, indicated potential financial protections for compromised accounts while acknowledging risks of identity theft or fraud stemming from the exposed information.
Description
On July 12, 2022, Gelt Finance, Inc. detected unusual activity on one of its servers, prompting immediate containment measures. The company took the affected server offline, migrated operations to a backup server, and rotated all third-party API keys. Gelt engaged external cybersecurity professionals to investigate the incident’s cause and scope. By July 18, 2022, the investigation confirmed unauthorized access to the decommissioned infrastructure, though no evidence indicated data exfiltration. The compromised server contained sensitive user information, including names, email addresses, salted password hashes, driver’s license images, passport photographs, Gelt account deposit and withdrawal histories, associated bank names, and copies of bank statements used for account verification. Gelt initiated data breach notifications to affected individuals on July 12, coinciding with the initial detection, and formally reported the incident to state government entities by July 27, 2022. The breach exposed financial and identity verification documents, elevating risks of fraud and identity theft for impacted users.

Gelt Finance, a San Francisco-based decentralized finance (DeFi) platform founded in 2021, offers non-custodial high-yield savings accounts by converting user deposits into stablecoins. Despite its decentralized architecture—where users retain exclusive control over private keys—the breach involved centralized infrastructure storing personally identifiable information and banking documentation. The company acknowledged potential financial liability for consumer harm stemming from negligence in data protection, referencing a $100,000 reimbursement policy for compromised accounts. Legal analyses noted Gelt’s obligation to secure stored consumer data under standard cybersecurity duty-of-care principles, irrespective of its DeFi operational model. The incident’s aftermath centered on forensic investigations to determine root causes and jurisdictional compliance obligations, with no public disclosure of attacker methodologies or confirmed data misuse at the time of reporting.
