Gate.io Under Fire: $1.7 Million Loss Sparks Debate Over Cybersecurity and Exchange Responsibility
Cryptocurrency exchange Gate.io has found itself at the center of a storm following a user’s claim of a $1.7 million account hack. The incident has ignited a fierce debate over platform security, user verification processes, and the evolving responsibilities of exchanges in an increasingly complex digital landscape.
Gate.io Shifts Stance: From Denial to Active Assistance
Initially, Gate.io adopted a firm stance, asserting that its platform experienced no systemic security vulnerabilities. The exchange maintained that all contested account operations had successfully passed multi-factor authentication (MFA), leading to an initial deadlock between the user and the platform.
关于今日网传”Gate 被盗 170 万” 的消息,我们把” 案件重组” 一下,做时间线复原,把情况跟大家说清楚:
先说结论:这不是系统性风险及网站安全问题,目前确保全站客户资产及账户安全。针对这次事件,如下场景显示有诸多疑点,现将操作事实进行如下披露。出于隐私保护,我们对具体时间点进行了隐藏。…
— Gate 华语 (@Gate_zh) July 8, 2026
However, as public scrutiny intensified, Gate.io adjusted its response. The exchange subsequently announced it had established direct contact with the affected user and formed an internal expert team to assist in tracing the flow of funds. In its latest statement, Gate.io confirmed the completion of data collection and incident verification. The platform is now actively assisting the user in reporting and initiating procedures for fund freezing and recovery, while also urging the user to formally file a police report and seek judicial assistance.
接到用户反馈后,我司高度重视,已第一时间与客户建立了联系,全程实时跟进,保持实时沟通。公司内部也成立了专家组,协助用户追查相关资金链路。目前已与用户完成资料收集和事件经过核实,正同步协助用户申报资金冻结和追回。同时也敦促用户进行立案,寻求司法帮助,我司也将全程配合。…
— Gate 华语 (@Gate_zh) July 10, 2026
Gate.io further pledged full cooperation with investigations should the matter proceed to legal action. This shift from its initial strong denial on July 8th to a more conciliatory approach appears to be an effort to mitigate public criticism regarding its customer service, cybersecurity accountability, and crisis management.
CEO Issues Apology, But Denies System Breach
The core of Gate.io’s recent apology primarily addresses communication handling and user experience. Responding to online criticisms regarding poor customer service, the platform stated it has prioritized improving internal service processes and will implement clearer communication guidelines to enhance interaction with its user community. Gate.io also extended apologies to the affected customer and the online community following the incident, expressing gratitude for the feedback and suggestions.
Crucially, Gate.io’s apology maintains a significant boundary: the platform has not admitted to a system breach, nor has it accepted liability for compensation. Instead, Gate.io frames its assistance in tracing, freezing, and recovering funds as cooperation and goodwill support. The exchange reiterates its original position: platform records indicate that several critical account operations—including face verification, submission of ID-holding videos, email changes, login password resets, authenticator resets, and fund password resets—all successfully passed the account security verification process.
User Contests Operations, Discrepancies Persist
The affected user, posting on social media, claims to have never authorized the disputed operations. The user emphasized their stringent personal security measures, including the use of passkeys, disabling cloud synchronization for authenticators, and exclusively using the official Gate.io app. They suspect that attackers may have bypassed face verification through sophisticated deepfake technology and are demanding an explanation from Gate.io regarding who submitted the identity verification data and why account security settings could be reset without their knowledge.
针对 gate 说我自己完成的人脸认证,现在我公开视频铁证回应: 2026 年 07 月 04 日 19:44:XX UTC+8,整段时间内,我(黑衣男)全程在抱着我儿子玩耍,没有拿起手机做人脸识别,也没有进行任何 Gate… pic.twitter.com/mJ5mf7PyZG
— 第一美少女 (@jheioff) July 9, 2026
Gate.io previously suggested an alternative possibility: that the user’s device or associated accounts might have been compromised, allowing attackers to acquire the necessary data to pass verification. The platform also noted that the user had confirmed some older records, including payment data from 2019, matched their account identity.
According to Gate.io, the withdrawals—approximately 49.96 Ethereum ($ETH), 746,475 $HSK, and 1,565,982 Tether ($USDT)—were the result of a series of verified account operations. As of now, neither party has presented conclusive public evidence, and the core of the incident awaits further investigation.
Cybersecurity Responsibility in Focus, Exchange Customer Service Crisis Escalates
This incident once again underscores the challenging boundaries of responsibility for cryptocurrency exchanges when facing account theft disputes. If an exchange’s system records indicate that all operations passed security checks, yet the user adamantly denies authorization, should the platform merely rely on verification logs, or does it bear a more proactive obligation to assist and provide recourse? This remains a persistent industry dilemma. Especially with the increasing sophistication of deepfakes, social engineering, and device intrusion techniques, relying solely on existing KYC and multi-factor authentication may no longer fully meet users’ expectations for asset security.
Gate.io has currently opted to de-escalate the controversy by assisting with fund recovery, cooperating with judicial investigations, and improving customer service communication. However, it has not altered its fundamental assessment of responsibility for the incident. Future investigations that clarify the source of identity verification data, account reset processes, and fund flows will be crucial in determining platform liability and user-side risks.
For the broader exchange industry, this $1.7 million loss event serves as a stark reminder that handling cybersecurity incidents has evolved beyond mere technical record-keeping. It has expanded into a significant brand risk, impacting the speed of public communication and the restoration of user trust.
(The above content is an authorized excerpt and reproduction from our partner CryptoCity. Original article link)
Disclaimer: This article provides market information only. All content and views are for reference only and do not constitute investment advice. They do not represent the views and positions of BlockTempo. Investors should make their own decisions and trades. The author and BlockTempo will not be liable for any direct or indirect losses incurred by investors’ transactions.