To Our Valued Customers:
In early August 2017, GateHub discovered that a criminal had exploited a flaw in an auxiliary deposit processing service, resulting in a net loss of $5 million. This represents a small fraction of GateHub’s total volume, the overwhelming bulk of which is held in secure offline cold storage.
We would like to assure all GateHub customers that their funds are safe and no client information has been compromised. Customer balances were not affected and all transactions will be honored in full.
We are working closely with law enforcement and are diligently pursuing the suspects and our stolen funds.
GateHub’s shareholders, not its customers, absorbed this loss.
We have put in place a new $5 million capital facility to backstop our working capital, and the company is financially sound. We are profitable and growing fast. GateHub now hosts more than 700,000 customer wallets, which are secure and untouched.
The criminal exploited a “partial payment” feature on Ripple’s RCL that was exposed in a code update on a backup processing system. The theft was temporarily obfuscated by unusually heavy withdrawals associated with the recent bitcoin fork, but GateHub acted quickly to patch this vulnerability upon discovery.
We learned valuable lessons from this episode, and are taking aggressive steps to make GateHub more secure. GateHub is in the process of installing a multisig system, and in the near future, will be presenting a new, off-ledger trading system that will be safer, faster and easier to use.
Customers can stay informed of our investigation via updates on our website.
No action is required. We wanted to inform you of this occurrence in order to fulfill our commitment to transparency and customer service.