A Gate.io customer reported an unauthorized withdrawal of $1.7 million (approximately 2.6 billion won) in cryptocurrency assets on the 8th. X influencer 'jheioff' stated that despite having phone authentication, Google authentication, and email authentication enabled on the real-name verified account, all assets were withdrawn without any SMS verification codes being received. The incident followed a password reset email on the 4th and an account email change notification on the 5th, raising concerns about the exchange's security protocols and initial response handling.
X influencer 'jheioff' disclosed on the 8th that the Gate.io account was compromised and all assets worth $1.7 million (approximately 2.6 billion won) were withdrawn. The customer explained that the account was real-name verified with phone authentication, Google authentication, and email authentication all configured, and no SMS verification codes were received on the phone. The customer stated that no videos or ID photos were provided to anyone.
According to the customer's account, a login password reset email verification arrived on the 4th, followed by an account email change notification on the 5th, after which the fund withdrawal occurred. The customer demanded that Gate.io identify the person who submitted these materials and establish compensation measures.
Gate.io stated on the 8th that "this case is under urgent investigation and appears to be an individual case, with no security vulnerabilities in the system." However, criticism emerged regarding the initial response, as the asset theft was confirmed and raised trust concerns.
As the controversy intensified, Gate.io issued an apology on the 11th. The exchange stated, "Our attitude was not appropriate in the initial external communication process, and we did not prioritize user emotions." Gate.io added, "Although no platform security risks were identified in the initial investigation, the losses and anxiety experienced by users clearly exist."
Gate.io cited three reasons for the inadequate initial communication: the completeness and accuracy of information held by the applicant for security setting changes was unusually high; emails and text messages were sent to the customer when security setting changes were requested; and the IP address was in the same region as recent access addresses. The exchange explained that it is tracking the movement path of the leaked funds, supporting freeze requests and police reports, and pursuing the funds. Gate.io added, "Although there is uncertainty, we will make efforts to recover user funds as long as there is even a slight possibility."
What security measures did the Gate.io customer have enabled before the unauthorized withdrawal?
The customer had phone authentication, Google authentication, and email authentication all configured on a real-name verified account.
What did Gate.io state in its apology on the 11th?
Gate.io acknowledged that its attitude was not appropriate in the initial external communication process and stated that it did not prioritize user emotions, while confirming that the losses and anxiety experienced by users clearly exist despite no platform security risks being identified in the initial investigation.
Related News