Futures
Access hundreds of perpetual contracts
CFD
Gold
One platform for global traditional assets
Options
Hot
Trade European-style vanilla options
Unified Account
Maximize your capital efficiency
Demo Trading
Introduction to Futures Trading
Learn the basics of futures trading
Futures Events
Join events to earn rewards
Demo Trading
Use virtual funds to practice risk-free trading
CFD
Stock CFD Derivatives
US Stocks
Access real US stocks and ETFs
HK Stocks
Trade quality Hong Kong-listed stocks
Korean Stocks
SK Hynix
Real Korean stocks and top assets
Stock Futures
High leverage, 24/7 trading
Tokenized Stocks
Backed by real stock assets
IPO Access
Unlock full access to global stock IPOs
GUSD
3.8%
Mint GUSD for Treasury RWA yields
Stocks Activities
Trade Popular Stocks and Unlock Generous Airdrops
Launch
CandyDrop
Collect candies to earn airdrops
Launchpool
Quick staking, earn potential new tokens
HODLer Airdrop
Hold GT and get massive airdrops for free
IPO Access
Unlock full access to global stock IPOs
Alpha Points
Trade on-chain assets and earn airdrops
Futures Points
Earn futures points and claim airdrop rewards
Promotions
AI
Gate AI
Your all-in-one conversational AI partner
Gate AI Bot
Use Gate AI directly in your social App
GateClaw
Gate Blue Lobster, ready to go
Gate for AI Agent
AI infrastructure, Gate MCP, Skills, and CLI
Gate Skills Hub
10K+ Skills
From office tasks to trading, the all-in-one skill hub makes AI even more useful.
Analysis of the theft of $1.7 million in assets from a Gate user
Introduction: An Unresolved Exchange Hack Dispute
Recently, a Gate Exchange user posted online, claiming that about $1.7 million in assets in his account were transferred out by someone. According to him, his account had enabled mobile verification, Google Authenticator, and email verification. Throughout the process, he received no SMS verification codes, and he never provided anyone with a face video or a photo of his ID card held in hand.
Gate then released a timeline, saying that during key actions such as unbinding, changing passwords, and withdrawing funds, the account passed liveness facial recognition and multiple verification codes. Based on this, the platform believes it is not a systemic risk or a website security issue, and more likely relates to the leakage of customer real-name information, the Alipay account, and device permissions beyond the platform’s control.
( Tweet by the victim of the stolen assets )
( Tweet of Gate’s official response )
What’s interesting, however, is that the customer later posted a video, claiming that at the time Gate said it had completed the face recognition, he was holding a child and was not operating his phone. He therefore questions: If the本人 did not perform any actions, how did the platform’s face risk control pass?
So is the platform’s risk control bypassed by AI face-swapping and other technologies, or were the customer’s own information, device, or account permissions controlled by someone else? As of now, both sides are making conflicting claims, and there is still no final conclusion.
But this case does remind many users who keep assets on exchanges: if your coins are transferred away, besides reporting to the police, what else can you do?
Lawyer Liu has long handled legal consultations and cases involving virtual currencies and Web3. Combining the common handling pathways for incidents like this, here are some practical suggestions.
1. First, determine where the problem might be
When an exchange account’s assets are stolen, it can generally be analyzed from two directions.
First, issues with the exchange’s own security or risk controls.
For example, the platform system may have vulnerabilities, risk-control mechanisms may be bypassed, or hackers may directly attack the platform system. In multiple previous large exchange theft incidents internationally, hacker organizations reportedly stole large amounts of assets by attacking exchange platforms, hot wallets, or internal permission systems. The most typical example is the Lazarus Group (North Korea–linked hacker group), with a long record of “battle achievements,” repeatedly breaking into well-known platforms and siphoning off huge amounts of assets. If the losses mainly stem from failure of the exchange’s security mechanisms, then the exchange may need to bear corresponding responsibility.
Second, the user side’s information or permissions are in someone else’s hands.
For example, the private key or mnemonic phrase is leaked, the email or phone is controlled, malware is planted on the device, or KYC information is misused. In this case, what Gate claims is that the other party illegally obtained and used the client’s real-name information, Alipay account, device permissions, and so on.
In recent years, new risks have also emerged: criminals first obtain users’ identity documents, face photos, and video materials, then use AI deepfake technology to synthesize dynamic faces and try to bypass the platform’s liveness checks.
So, the truly difficult part of these cases is often not confirming whether the coins were transferred out, but further investigating: was the platform’s risk control failing, was the user’s information leaked, or were there problems on both sides?
This is also the most core—and most difficult—part to prove in later rights protection.
2. Reporting to the police is necessary, but don’t just wait for results
Once you discover your assets were stolen, reporting immediately and preserving evidence is essential. Because later, when you need to promptly request the exchange and stablecoin issuers (such as Tether, Circle) to freeze the involved assets, it must be on the premise that the case has been filed by judicial/law-enforcement authorities.
Materials that need to be preserved include: account login records, withdrawal records, platform notifications, emails and SMS messages, chat logs, records of device abnormalities, on-chain transaction hashes, platform customer service communication records, and more. The earlier and more complete the evidence is preserved, the greater the room for subsequent handling usually is.
But there should also be a realistic expectation: in cases involving criminal reports about virtual currencies, relying solely on criminal reporting to recover all losses is usually quite difficult.
The reasons include several factors: there may be disputes about how the case is characterized, the competent jurisdiction may not be clear, identifying the amount involved and coin price can be complex, and the funds may be transferred across borders, enter into mixer services, or be exchanged into other coin types. Even if the criminal case can be advanced, the process of recovering stolen assets often takes a long time.
So, reporting to the police is the starting point, but it is typically not the only handling path.
3. Besides reporting, what else can be done simultaneously
(1) Track on-chain as soon as possible and strive for a freeze
After virtual currency is stolen, time is extremely critical.
You should promptly use professional blockchain security companies or technical teams to trace the stolen funds on-chain, confirm which address the funds were transferred out from, what addresses they passed through, whether they entered any centralized exchanges, or whether they were exchanged for centralized stablecoins such as USDT and USDC.
If the funds are still USDT or USDC, or have already flowed into a centralized exchange, there may be an opportunity to push the stablecoin issuer or related platforms to freeze the involved addresses, accounts, or assets.
In this case, Gate also mentioned that it is seeking Tether’s assistance to freeze the relevant assets.
However, actions like this should usually be done as early as possible. Once the funds have been split multiple times, bridged across chains, mixed, or converted into coins with stronger anonymity, the difficulty of later freezing and tracing will increase significantly.
(2) Consider civil claims or arbitration, but first check the agreement
If users believe the exchange failed to fulfill its security obligations, its risk-control mechanism failed, or the review was insufficient, they may consider claiming damages from the exchange.
But before taking action, you must first review the platform’s user agreement.
For example, in Gate’s case, its user agreement includes terms regarding asset security, user responsibilities, governing law, and dispute resolution methods. If the agreement specifies that disputes are submitted to offshore arbitration—such as arbitration in Panama—then for ordinary users, the costs, language, procedural requirements, and regional barriers would be relatively high.
In addition, exchange agreements typically state that if losses were caused by the user’s account information, passwords, devices, identity资料 leaking, and similar reasons, the platform may not bear responsibility or may limit responsibility.
This does not mean the user is absolutely unable to sue. However, before acting, you need to assess several issues: whether the platform had fault, whether the user also had responsibility, whether existing evidence can prove that the platform’s risk controls had defects, and whether the cost of resolving the dispute is worth the investment.
(Excerpt from Gate’s official website “User Agreement” regarding stolen assets, governing law, and dispute resolution)
(3) Make public statements and file complaints with regulators based on facts
Making public statements, contacting the media, or filing complaints to regulators in the exchange’s jurisdiction or licensed location can sometimes indeed push the platform to take the issue seriously, and may also lead to further communication or negotiation.
But note the boundaries here.
Rights protection must be based on facts and evidence. You can state your experience, disclose the platform’s replies, and raise reasonable questions. But do not fabricate facts, exaggerate losses, or maliciously attack the platform. And never use public opinion pressure to demand the other party must pay for damages without a responsibility basis.
Otherwise, the situation may shift from rights protection into new legal risk, such as defamation. In severe cases, the other party may even counterclaim for extortion or blackmail.
Truly effective public statements are not emotional output, but clearly explaining the evidence, the timeline, and the focus of the dispute, so the public, media, and regulators can judge.
(4) When evidence is unclear, negotiation and settlement is also a realistic option
Many exchange coin-theft disputes are not able to clarify all responsibility at the outset.
The user believes the platform’s risk controls failed; the platform believes the user’s information was leaked. Each side holds part of the evidence, but neither can fully prove its claims. In this situation, if you keep going to the end, the time, costs, and uncertainties can be extremely high.
Therefore, assuming both sides hope to stop the losses as soon as possible, negotiating a settlement, partial compensation, and jointly pushing for freeze and recovery may be more realistic ways to resolve the issue.
Of course, before settling, you must retain evidence and clearly specify the nature of payment, confidentiality terms, future recovery arrangements, and whether it affects continued police reporting or asset recovery.
4. Reminders for ordinary users
First, don’t place your hopes only on one path.
After a coin theft incident, criminal reporting, on-chain tracking, platform communication, regulatory complaints, and civil claims or arbitration assessment can be advanced in parallel depending on the actual circumstances. Each path has its limitations, but together they are more likely to create pressure and opportunities.
Second, prevention before the incident is far more important than rights protection afterward.
Do not keep large amounts of assets on exchanges for a long time. For assets you can self-custody, manage private keys and mnemonic phrases carefully; for assets kept on a platform, you should also use independent strong passwords, hardware security keys, or passkeys, and use the cloud sync function of 2FA with caution.
Third, be especially careful with KYC information and device permissions.
If identity cards, face video, and held-ID photos, as well as Alipay or bank card information, are obtained by criminals, they may be used to bypass platform checks or carry out AI face-swapping attacks. Do not send these materials to strangers casually, and do not upload them to websites, apps, or customer service links with unclear origins.
Fourth, don’t delay after noticing anomalies.
If you cannot log in to your account, if your email or phone is bound abnormally, if the exchange account is restricted, if you suddenly receive withdrawal notifications, or if your device is suspected of being infected, you should immediately stop all actions, preserve evidence, contact the platform to freeze the account, and consult professionals as soon as possible.
Written at the end
Returning to the Gate incident, as of now, the facts still need to be further clarified, and we should not pre-judge conclusions when evidence is insufficient.
But at the very least, it reminds all virtual currency users of one thing: an exchange account is not a vault, and face recognition and multiple verifications are not absolutely secure. AI face-swapping, device control, identity information leakage, and platform risk-control vulnerabilities can all become openings for asset theft.
Once a coin theft occurs, you should quickly preserve evidence, track the funds, contact the platform, assess responsibility, and choose an appropriate rights-protection path. For ordinary users, security awareness should always come first. Where assets are kept, who receives permissions, and how identity documents are stored—these seemingly trivial issues often determine how much room for remediation you still have when real risk arrives.