Neil’s GateHub cryptocurrency wallet data breach

Neil* lost £220k in the GateHub data breach. The theft was made possible as GateHub’s cybersecurity was deeply flawed on multiple levels. Here’s what happened in this case, and how to claim compensation from GateHub if you were impacted by this data hack.

*Real name cannot be disclosed for confidentiality purposes.

What happened in this case?

GateHub offers a digital wallet to store cryptocurrencies. It describes itself as ‘the world’s most popular XRPL gateway’, claims that its customers’ money is “always safe and 100% backed”, and that, as a company, it is “deeply committed to protecting your personal data”.

However, in 2019, GateHub was involved in a huge data hack.

Cybercriminals managed to steal 24 million XRP Tokens (commonly referred to as ‘Ripple) from more than 200 individual GateHub user accounts. In total, the theft is thought to be valued at over $US 10 million. A statement published on the GateHub blog admitted that some customers had had their ledger wallets hacked and funds stolen.

What did our investigations find?

Experts at our firm pursued complex investigations into the security systems used by GateHub. Our data breach and cybercrime experts exposed that hackers faced flimsy security barriers before successfully accessing and stealing hundreds of thousands of pounds from customers of digital assets trading interface GateHub. We exposed that hackers not only had knowledge of the encryption algorithms used, but that the organisation had little control over developers or their operations.

A successful claim

Representing London based Neil*, our data protection lawyers secured a £230k settlement against GateHub.

Commenting in his case, Neil said:

“I lost £220k which simply disappeared from my GateHub digital wallet. It is a substantial sum, and I knew that I had been diligent with the security of my account. I contacted both GateHub and Action Fraud initially, both of whom investigated the incident.

“GateHub denied responsibility and in fact, blamed me for purportedly using an insecure password without providing any evidence to substantiate that claim. Action Fraud involved the Metropolitan Police, but ultimately, no action was taken.

“I instructed solicitors as GateHub purports to keep customers’ cryptocurrency safe. Not only did it fail to protect my investment, but it also failed to take any responsibility for my significant loss.”

“The stress caused by the incident cannot be underestimated. GateHub facilitated easy access to my funds and failed to recognise the inadequacy of its security system. This was a life changing amount and to now know how flimsy its security was – on multiple levels – was frightening. I am relieved that my loss has been recovered, but some may not be as lucky.”

Our analysis of the GateHub data breach

Led by head of data breach Kingsley Hayes, this was a very complex, and detailed, investigation which found that GateHub’s cybersecurity was deeply flawed on multiple levels. Initial media reports suggested that there were between 80 and 90 victims, however it is possible that number may be a significant understatement and up to 18,000 GateHub customers’ accounts could have been involved. In some cases, the losses for a single victim run to in excess six figures.

Our investigations revealed that:

“Like traditional money, cryptocurrencies can be used to buy goods and services, and they can be traded for profit, so it is no surprise that the cryptocurrency market is being targeted by criminals. With the equivalent of millions of pounds being stolen from cryptocurrency holdings each year, this is a very lucrative market, so it is vital that cryptocurrency businesses have robust data security measures in place. In this case, GateHub failed to keep its users safe, and it is only right that it compensates them for the losses and distress experienced”.

Kingsley Hayes, Head of Data  & Privacy Litigation, KP Law


Kingsley Hayes

Get your money back following the GateHub hack

Despite common belief, cryptocurrency crimes do not represent an investigative dead-end. At KP Law, our leading technical specialists investigate cryptocurrency cases to secure justice for victims. Our specialists help us to:

Understand and evidence how such crimes occurred (including the extent to which any party was negligent)

Assess damages

Identify offenders

Recover assets.

As inadequate security at GateHub made this hack possible, people affected by the cryptocurrency data breach may be able to claim compensation.

Why choose KP Law as your data protection lawyer?

When it comes to legal support, big organisations have deep pockets. And they are smarter and better resourced than ever before. So, it can be difficult for some law firms to stand up to such strength if they do not have data breach expertise or the resources to take the big players on.

At KP Law, we do not just even the score – we take the fight to them.

Our data breach team has the legal expertise and resources necessary to take on the corporate giants. What is more, the strength and means of our firm ensure that we never have to back down from a challenge. And with access to whatever resource we need – be that time to go the long-haul or the expertise to delve deep into the evidence – we have everything it takes to win.