Gate responds to recent security incident: Customer external information leaked, immediately sorted out fund flows
Odaily Odaily reports, in response to the online rumor of "Gate being hacked for 1.7 million," Gate has released a comprehensive investigation report stating that upon receiving customer feedback, Gate immediately initiated a special review mechanism to trace and cross-verify the entire process of this security unbinding application. After retrieving and reviewing all application materials item by item, it was confirmed that the applicant submitted the following highly matching identification documents for the customer's account. This indicates that the applicant not only had access to the customer's account information but also, through external channels, had prior knowledge of the customer's real-name information, Alipay account, transaction records, and corresponding device operation permissions, and was able to successfully pass Alipay's multi-factor identity verification.
Gate platform's security unbinding review mechanism strictly implements a four-layer verification process of "multi-channel advance notification + system risk control initial screening + manual multi-layer review + time protection." It has never and will never approve any security change application based solely on a single piece of material. Furthermore, the platform possesses mature permission control and data leakage prevention systems. The applicant submitted personal information completely and accurately, information which the platform did not previously possess. This incident is entirely impossible to be a leak from the platform itself.
Since the incident occurred, Gate has given it the highest priority, promptly and completely sorted out all fund flows, and coordinated with security, compliance, legal, business, and other teams to mobilize available resources for on-chain analysis, asset tracking, and freezing. Currently, Gate is continuously coordinating with Tether and other relevant third-party institutions to advance the legal and operational procedures for fund freezing. Subsequent steps require continued coordination with various platforms and submission of necessary materials based on requirements.
Based on the findings of this investigation, the core risk exposed by this incident lies in the leakage of customers' external real-name information, Alipay accounts, and device permissions, which were illegally obtained and exploited by third parties.
