Jump to content


  • Posts

  • Joined

  • Last visited

Recent Profile Visitors

415 profile views

fluxw42's Achievements

  1. There won't be anything in the access logs if they can decrypt your secret by bruteforcing or guessing your password.
  2. I also don't know why there are 8 satellites, seems like a waste at first sight? You could easily do the same from 2 accounts, one being the issuer of your dummy currency and another that does the actual transactions.
  3. I assume weak passwords were brute forced? My account was also in that database, with a balance that could be profitable. It was not stolen but I was using a strong, unique and long password. Passwords were stored as a bcrypt hash, which has built-in salting and some resistance against brute forcing. If you're using a weak password, or re-using passwords from other (possibly leaked) sites it's instant game over. Just my guess though. If someone actually knows, please enlighten me
  4. Looks awesome! Why is is the number of voters, threshold and consensus percentage not visible if the amendment is enabled? It could also be interesting to see if a minority is against a certain amendment. Thanks btw: xrpscan is my go-to site for quick address and transaction lookups (next to bithomp)
  5. That looks more like a feature than a bug to me ... I see that there is an internal ticket id (RIPD-1781). Looks like a Jira id, can we also access this one or is it internal only?
  6. Which tells more about the profits than the hosting costs at least for me. Maybe someone else had a better trick to actually make it work.
  7. Yes it's for circular payments / arbitrage. If you find a path through multiple books that gives you a surplus (eg using Bellman-Ford) you can send your own issue over it, converting the arbitrage margin to XRP. This is not my account, but I've tried it before with limited success. The arbitrage possibilities are small AND you have to be the fastest, because there are multiple people doing exactly this. Just keep an eye on transactions which result in 'tecPATH_DRY' and you'll find them quickly. Same for the transferred amount: mostly 10'000 or 20'000 of a self issued currency. It was a fun project, but for me the hosting costs vastly exceeded the gains
  8. There are quite some people who run validators here. Do you guys keep logs? It doesn't look like they used Gatehub to transfer the money. Gatehub normally stores a memo but their transaction is clean, there's no additional info there. So my guess is that while stealing the funds, they probably connected to one of the public rippled servers to submit their transaction. If there are logs, you could get an IP for the fraudulent transactions. If they used their own rippled instance, maybe it's possible to see which IP proposed the transaction first? Just an idea Sorry but that's some ******** and fearmongering right there. Even if it was true, why steal from the highly visible Ripple accounts instead of their Gatehub hosted ones?
  9. Looking for an official response from Gatehub, hoping to get it here: Does Gatehub store deleted wallets? I currently have 2 wallets in GateHub and also got 2 security warnings. In the past I had more wallets, but extracted the secret and deleted them from Gatehub ~1-2 years ago (in case my account was breached). Can I have a list of the actual wallets of which the secret key may be compromised? It would be useful if Gatehub included the wallet address in each security notification they send out by mail and phone.
  10. Another option would be to represent the full address in a visual way so it's easier for a human to recognize. This way you encode the FULL address, and changing a single bit gives you a completely different image. Some examples generated using http://identicon.org/: The genesis account (rHb9CJAWyB4rj91VRWn96DkukG4bwdtyTh) Gatehub (rhub8VRN55s94qWKDv6jmDy1pUykJzF3wq) RippleFox (rKiCet8SdvWxPXnAgYarFUXMh1zCPz432Y)
  11. Wow that's expensive Definitely cheaper over here: I use a locker in a bank and it costs me 35€ a year, that's peanuts compared to what you could lose.
  12. If you're not trading? One or more offline generated paper wallets, put them in a secure locker in a bank. That's way better than having a Ledger S recovery phrase laying around somewhere in your home (which is almost the equivalent of having your secret, even if you don't have access to the hardware ledger).
  13. So what I read between the lines from all this fuss: If you're using a hardware wallet such as the Nano S, don't become careless because your secret is reasonably safe: Only use your ledger on a trusted machine Don't leave your hardware unsupervised in someones hands Know what the hardware ledger can protect you against, but more important, know against which attacks it CANT protect. Consider if you really need a hardware wallet, if you want to use it as cold storage, there are better solutions IMHO An attacker doesn't need your secret to steal your stash, he needs a valid signature on a malicious transaction.
  14. Yes, this! The TrustSet quality fields have a short description on what value it should be (a value n, where the quality is n/1,000,000,000), but I've seen examples which just use percentages such as 1.01 ... Also a description on what it actually does would be nice ;-)
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.