2gether

2gether is a cryptocurrency trading platform headquartered in Spain that provides investment accounts for users to trade and hold digital assets. The platform facilitates the buying, selling, and custody of various cryptocurrencies, integrating Euro fiat accounts that allow deposits, withdrawals, and transactions in euros alongside crypto holdings. It also offers payment card services linked to user accounts, enabling real-world spending of digital assets, though the security of card details was maintained during a significant breach. At the time of the July 2020 incident, the theft of approximately €1.2 million in cryptocurrency represented 26.79% of the platform's total user funds, indicating a moderate scale of assets under management. The breach specifically compromised investment accounts, resulting in the loss of crypto holdings and user passwords, while Euro accounts and payment card data remained secure, suggesting segmented security protocols that prioritized fiat and card information protection.

On July 31, 2020, 2gether experienced a cyberattack that breached its investment account systems, stealing cryptocurrency worth €1.2 million and exposing user passwords. Despite the intrusion, Euro-denominated accounts and associated payment card details were unaffected, limiting the financial and data impact to crypto assets and authentication credentials. In the aftermath, unable to secure external funding, the company compensated affected users with its native platform tokens issued at a preset price, effectively restoring the equivalent value of stolen assets. 2gether concurrently initiated a forensic investigation into the attack's origins and methods while implementing enhanced security measures to restore service integrity and prevent future breaches. This response highlighted a user-focused remediation strategy amid financial constraints, though it also underscored the operational risks faced by cryptocurrency platforms lacking external capital buffers. Post-incident, the platform continued operations with reinforced security frameworks, though specific details on long-term regulatory outcomes or comprehensive user recovery beyond the initial token compensation are not publicly documented.