Jump to content


  • Content Count

  • Joined

  • Last visited

Everything posted by Silkjaer

  1. The phishing attacks starting as on ledger memo spam, now e-mail spam, is still making new victims. https://coil.com/p/xrplorer/The-homoglyph-heist/AUieXW_1D The current state (June 15) is more than 2,100,000 XRP stolen and 1,980,000 XRP laundered, mainly through to swap services: ChangeNOW and CoinSwitch.
  2. If you didn't make the payment, someone else did. How it happened is difficult to say (where/how did you store your wallet backup files, private keys etc), have you ever typed in the private key on an insecure website, is your computer infected with a keylogger or other malware, ever typed in the private key while connected to a public wifi …?
  3. One lead you could follow with law enforcement is that r3ne9vXa93RNH6VrJEj7hMtRoBt1pVV4PK was activated by Binance (they would have a record of who), and the same account also transferred money to Wirex (who also should have a record of who). This account has both sent and received money from the account you mention (rLDFYFYG3D1dDwyXPyx3v498zEKCxSHZWM)
  4. There has been multiple crypto theft related arrests the last months, but to my knowledge none has been related to this event. Could be a "mixup" of information
  5. r9Be4diPqgUcdPNPvzY1rFTTATLFhFeKSF is a https://changenow.io account, so it is only natural they still have account activity. ChangeNOW have confirmed they have frozen some of the stolen XRP.
  6. Not sending funds much around, changing accounts quite often etc. So only slight changes in how they operate.
  7. We've been contacted by a victim of June 27, so while we thought that the perpetrators were done this was a cue to look into movements to see if there were other thefts we didn't know about. Perpetrators have changed tactics and we have been able to identify several thefts, the latest being July 7, and the stolen amount is now close to 26M.
  8. Likely only the secret key is stored in encrypted form, but looking at session data also “personal identifiable information” such as email addresses, is stored and accessible with the API.
  9. Total amount 15 REP – looks like xrpcharts is confused about the USD value of REP In other words, they are payments of REP IOU's issued by Gatehub, and apparently xrpcharts think that the USD value per REP is ~38M, rather than ~15.
  10. On Gatehub you either create a new XRPL account (wallet), and they generate an address and private key for you, or you import an existing XRPL account by entering your address and private key. When you trade on Gatehub (or send money, add trustlines …) their software is doing it for you – and it couldn't without knowing the private key. However, they do not store this private key in "plain text", but encrypted with your password. So Gatehub cannot do anything with your account for you – only when you have signed in and decrypted the private key for the active session. Since we have n
  11. Nothing wrong with considering worst case scenarios. But likely Gatehub doesn't even store KYC material themselves. And I'd rather focus on more likely scenarios first, since the evidence on the XRPL doesn't point in that direction
  12. You're describing a worst case scenario, but there is no reason to believe, or any indicators pointing to KYC material being stolen. The stolen funds has been processed through less than 20 exchanges, some of which don't have KYC requirements and are exchanging services. On other exchanges they have re-used old exchange accounts, that are connected to other criminal activity. The stressful boost in liquidating funds yesterday and today leaves much room for errors and slip-ups. I am convinced that law enforcement will have an easy job of finding at least some of the perpetrators behind the heis
  13. Comment on last paragraph: Lastest victim is from yesterday, latest cashout was today. Perpetrator is using more than 30 accounts. We prepared a chart of the thefts:
  14. I am sorry about the confusion – too fast on the trigger. The e-mail topic is the same on legit mails coming from Gatehub, but if the mail comes from gatehub.com and contain a secret key, it is a phishing attempt.
  15. We have had reports that some people are receiving phishing e-mails with an e-mail that contains new wallet information that @gatehub supposedly has created to move funds to safety. The e-mail contain a new address AND secret key for the user and instructions on how to import it to Gatehub. If you receive an e-mail with a secret key, or matching the description above, it is NOT from Gatehub, but a phishing attempt. If you have a copy of said e-mail, please forward it to info@xrpforensics.org.
  16. If anyone has received an e-mail, "Critical Security Warning / Action Required - New Secured Wallets", please forward it for review to info@xrpforensics.org. Do not follow e-mail instructions.
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.