A Gate.io user identified as "jheioff" has publicly alleged that approximately $1.7 million was withdrawn from their account without authorization, sparking renewed discussion about exchange security protocols. The user reported that after several days of inactivity, they discovered the funds had been transferred out despite maintaining multi-factor authentication including a phone-based authenticator, Google Authenticator, and email verification.
According to the user's account, suspicious email notifications appeared on July 4 indicating a password reset and security settings change, followed by an email address modification on July 5. The unauthorized withdrawals occurred on July 7, with the user filing a support request the following day. The user claimed they never received SMS codes, nor did they share sensitive documentation or account access recordings with any third party.
Gate.io responded by stating the withdrawals were completed on July 7 and characterized the incident as isolated, with no evidence of systemic platform vulnerabilities. The exchange attributed the breach to potential user-side data leakage and indicated an ongoing investigation while confirming normal platform operations. Discussion on X (formerly Twitter) has centered on two potential attack vectors: compromise of the user's email account enabling account recovery, or the use of deepfake technology to bypass identity verification checks.