r/CryptoCurrency • u/italianwopper • 11 / 12 • 4h ago
ADVICE My gate account was hacked this morning $16k
Hello all, my gate account has been hacked. I woke up this morning to over $16,000 stolen from my account.
I have 3 layers of security. Two factor, email password verification which sends the code and my funds password. All three layers were bypassed.
I have looked through my events viewer to see if anyone has accessed my machine and all the event IDs show no access has been made.
I have traded for 10 years and have been obsessive over security. I have never been hacked before, this is the first time.
I am very aware of links, malware and phishing so I don't click on links. I don't and have not shared my password with anyone. I know very few people and no one has access to my house. I'm very private as a person.
Still all my funds on the exchange were withdrawn this morning and I went into a panic spin. Gate simply said, send us a support ticket and I need to call my local police.
They have not been supportive at all. I never received one email from gate with a code to approve the transactions and my two factor is on all the time.
Unless the hacker deleted these email codes and got into my email, which I find so unlikely. I am not sure how it was all bypassed.
I have always traded manually but last night for the first time I tested a bot that gate offers with $2.
I have an API key that I've been testing my own bot with. I have not shared the api key with anyone. The bot I made I've run once and it is only to make spot trades not withdrawals. So it cannot be that, I have not shared that with anyone.
My simple earn subscriptions were all manually redeemed by the attacker and then withdrawn to their wallet on the BSC chain. USDT had been withdrawn.
What are the recourse and steps? Our local police are useless. I highly doubt my machine was exploited as I only use it for my trading.
This becomes an issue where perhaps the exchange had a vulnerability exploited, but they would argue it was my device instead.
What are the steps from here? This is the first time it has happened to me. What do people normally do?
Thanks
Update:
Thinking over where I have gone wrong.
Just to clarify. The two out of norm instances are that yesterday I tried one of the bots that gateio promotes, with $2 to see how it performed.
Secondly, some weeks ago I generated an API, with the only permission being to place a spot order. No withdraw permissions etc. I wrote my own Python script to place a spot trade through the API. I never finished the script. I scrapped the idea. However I created an API key and that is the point I wanted to make. Never shared it, but I did create it. I never finished the script I wrote. So I scrapped it. Yesterday is when I ran gate's bot and this morning my funds are stolen.
Also, for those on about cold storage. I do store my investments on cold. But my day trading funds are on the exchange; I earn my income from that, so I trade it daily, hence it's on there.
16
u/metamorphosis • 0 / 0 • 3h ago • edited 3h ago
Was the bot developed by you? (No third party non standard libraries etc?)
Also if using Gmail, you can see login activity to confirm the scenario that the attacker compromised your email for 2FA.
But my bet is that the API key got compromised.
12
•
u/italianwopper • 11 / 12 • 42m ago • edited 26m ago
Yes I did the script myself but this was some weeks ago. Very simple one to only place a spot buy. Nothing else. The permission was only to place a trade. But I never finished the script since then. The only proper bot I tried after that was gate's one. I tried it yesterday, this morning my funds were withdrawn. It just seems too coincidental that it happened around the same time.
•
u/metamorphosis • 0 / 0 • 20m ago • edited 14m ago
Not familiar with gate exchange but are these bots gate official bots or user bots?
To narrow it down, does gate offer an API activity log?
Re: script. Did you implement your own gate API or download a library? Where from?
Either way, yeah it seems too coincidental. Check addresses to which funds are withdrawn too. Check their bubble map and activity. That can give some insights.
P.S. How do you know funds are withdrawn? What are the timestamps of account activity and what does it say? If you had various assets and funds are withdrawn in very close succession then it's some sort of exploit. If there is, relatively speaking, a larger time difference, then it might be a 2FA/identity exploit.
It could be that the issue is with the exchange given that you used bots on their exchange one day prior.
16
u/prammydude • 0 / 0 • 3h ago
It seems likely to me that the first use of this bot and the withdrawal of all your money within 24 hours are related. Are you sure the bot is from gate? Seems too coincidental to be unlinked.
•
u/italianwopper • 11 / 12 • 46m ago
Yes absolutely... this is what makes the most sense to me. It was a bot within gate yes.
9
u/AncientProduce • 0 / 6K • 3h ago
Security minded and doesn't run a second account for the bot using an API.
Your API was stolen, you shouldn't use APIs on your main accounts.
Always have a 'storage' wallet and a 'connection' wallet.
•
u/italianwopper • 11 / 12 • 47m ago
This is where I think I have gone wrong. I trialed a bot promoted by gate with $2 as a trial. And my funds are now gone.
27
u/A1JX52rentner • 2 / 3K • 3h ago
"obsessive over security"
Quick google research:
Gate is a global cryptocurrency exchange with a registered headquarters in George Town, Cayman Islands.
I don't think you are obsessive over security if you deal with Cayman Islands...
10
u/hsifuevwivd • 11 / 2K • 2h ago
Yeah and even then someone obsessive over security would use a cold wallet and not keep funds on any exchanges.
2
9
u/Flipmode45 • 0 / 1K • 3h ago
And even if you are obsessive over security, they probably aren't.
•
u/NUPreMedMajor • 889 / 890 • 57m ago
This is crypto. Half of all the businesses are based out of Cayman or BVI because the US was so unfriendly towards crypto companies until recently.
•
u/italianwopper • 11 / 12 • 49m ago
As I said, most of my funds are on cold storage. The funds I trade with I have on an exchange; I don't use dexes. Mostly cex's to trade. How does a person trade full time out of cold storage?
3
5
u/Dragonbreath800 • 0 / 0 • 2h ago
"I have always traded manually but last night for the first time I tested a bot that gate offers with $2."
That's where you fucked up
•
u/italianwopper • 11 / 12 • 51m ago
I think so, it's the only out of the ordinary behaviour I have taken part in.
3
4
u/trainrweckz • 0 / 0 • 3h ago
Obsessed with security and no cold wallet?
9
u/italianwopper • 11 / 12 • 3h ago
Yes I have my invested crypto stored on cold wallets but my scalping day trading funds are on gate atm. I am a trader.
1
u/Azzuro-x • 0 / 0 • 2h ago
Have you enabled withdraw as well for the API key in question or only trading?
•
1
2
u/Mother-Prize-3647 • 0 / 0 • 3h ago
Gate exchange, this is where you went wrong.
First of all leaving your crypto in an exchange.
Second of all, using an untrusted exchange.
Have you not been listening to what people here have been banging on about for years?
You're just gonna have to take some responsibility and learn from your mistakes.
6
u/Dedsnotdead • 1K / 1K • 2h ago
He's said he's holding funds offline in cold wallets and the tokens on exchange were for trading?
Aside from the choice of exchange, how do you propose he does this without leaving tokens on an exchange to trade with?
2
u/Mother-Prize-3647 • 0 / 0 • 2h ago
Use a reputable exchange. It's not rocket science. Coinbase, kraken, what's wrong with them?
Them dodgy exchanges probably offered OP something free or high staking returns and in turn steal funds. Common as day
0
u/BrokenReviews • 2K / 2K • 2h ago
"Coinbase, kraken, what's wrong with them."
Trade commission.
2
u/Haaz__ • 1 / 2 • 1h ago
Better than losing all your coins bruh
1
u/BrokenReviews • 2K / 2K • 1h ago
So... Just bleed it out to the exchange and make billionaires more....?
I mean it's ok if all you do is HODL, but you're getting raped with every buy in too.
1
u/Mother-Prize-3647 • 0 / 0 • 1h ago
Kraken pro, set buy orders, close to zero spread. Use your brain. For example, I wanted to buy eth a few months ago, I set a lowball price at 2.5k when it was at 4k. I had buys triggered at 2.5, 2, and 1.5. Average cost being 1.8, which I just sold a few days ago at 4.7.
Spread becomes irrelevant, you casuals just jump in head first when prices are ath and get left holding the bag. Seen it over and over again. Everyone jumping on the eth now, whilst declaring it dead when it was 1.5k a few months ago.
Now what I do is repeat the process, set the buys again starting at 2.5k. Rinse and repeat, easy money.
•
u/BrokenReviews • 2K / 2K • 54m ago
Before you lecture on LIMIT orders, please compare the differences between the trade commissions among the platforms. This is what I'm speaking of.
Kraken is only competitive if you're on OTC, but there's no way you're doing rapid/volume trades that way.
0
u/Haaz__ • 1 / 2 • 1h ago
What sites are you using to be getting raped every buy in? Maybe if you're doing daily $1 purchases. If the site doesn't have trade commission it's probably added into their spreads.
•
u/BrokenReviews • 2K / 2K • 53m ago
The percentage difference between platforms is enough to be significant for some of us.
-8
0
u/StatisticalMan • 0 / 10K • 1h ago
"What are the steps from here? This is the first time it has happened to me. What do people normally do."
There are no next steps. Your money is gone. Next time don't leave funds on an exchange.
Certainly don't just use an API on a whim with 100% of your crypto holding on that exchange account.
•
u/Status-Nose-7173 • 0 / 0 • 32m ago
"I have traded for 10 years and have been obsessive over security"
"My Gate account"
Pick one.
-7
u/Ikki_The_Phoenix • 0 / 0 • 2h ago
Rule number 1 just invest what you are 100% willing to lose. Imagine panicking over 16k
1
u/itsadiseaster • 61 / 62 • 1h ago
For you 16k may be 6 months of living expenses. For OP that may be play money.
•
u/Ikki_The_Phoenix • 0 / 0 • 59m ago
"play money"? He's panicking because he got 16k siphoned off him...
34
u/god_damn_you_tiger • 0 / 0 • 3h ago
macOS user? If so, perhaps you were the victim of a zero day attack that Apple patched 5 days ago. But 16k sounds too small to exploit, attack should have been really sophisticated and targeted.
I lean towards API compromise here tbh