Xrylite

Member
  • Content Count

    93

About Xrylite

  • Rank
    Regular

Profile Information

  • Occupation
    Software Engineer
  • Country
    United States

  1. There's absolutely some subtlety in his demeanor. I feel like his comment about their system already being "ok" and "extremely cost efficient" might be a bit exaggerated. He also stated that "it is five times more expensive being with a cryptocurrency, with a stable currency, like Ripple". What throws me off there is if it truly is 5x more expensive (even after this long of testing?), why even continue pursuing any crypto if it makes your business bleed money? I would also love to know what numbers he's referring to. 'Cause, I highly doubt the cost comparison is for the transfer of funds. Instead, he's possibly bundling in the cost of integrating and signing on with xRapid, but that's the cost needed to save money in the long run and compete with those who are stepping forward. I try my hardest to avoid bias and attempt to read people based on their language choices, but I truly believe his phrasing is right on track with what you're saying. He's trying to pass off the inability to come to a deal on Ripple. However, Ripple has the product that they need. So, they don't have the advantage of trying to force a better deal. Would we benefit from having another major world-wide service that people use every day? Of course! Does Ripple need to undersell their product to get them asap... not a chance. I commend Ripple for taking in MoneyGram and almost indirectly saying "We move with or without you."
  2. My research is pretty limited at the moment, but I believe the difference in validators currently is that anyone can be an XRP validator as long as you have the server to have it running. However, Libra sounds like the only validators may be the people who put up the $10M to found it. Not sure if the intent is to allow anyone to be a validator with Libra, but it seems pretty gated if you have to pay them to also volunteer your computer resources. I agree that holding any fiat (or any crypto) can be a risk factor. The xRapid approach would make the timeframe of holding XRP to be as minimal as possible. Don't know if that's Libra's intent as well. Just some initial thoughts even though Libra is going to be quite some time before we understand more about what they intend for it to do eventually.
  3. I find it fascinating that it's been more than a year since the XRP symbol was changed, yet articles like these are still showcasing the Ripple logo. They're going to have their minds blown when they realize that Windows doesn't have colors in its "window" logo anymore either.
  4. My interpretation is they're just being overly cautious with the uncertainty. There are a lot of major coins in that list, so I don't think it's really a hit on XRP to be included in such an array. The only thing sad to me is that I'm sure there are people that will take their crypto elsewhere. It's advantageous to support a variety of crypto options because people will more frequently trade and use your service (thus meaning more money off of fees). So, I'd anticipate it's a loss on their part, but it's exclusively for the comfort of not having the US ever come after them if regulation mayhem did ever kick in.
  5. Exactly that. They are aware that people know the issue and some of the solutions. So, they want to phish the idea that GateHub is providing a solution to stop the attacks from happening. It's a great tactical approach, but it does rely on finding people who are susceptible. As a side-note, it's entirely possible that they keep up-to-date with this thread (or watching reactions on any site to know how to adapt).
  6. This is also important because in some countries (I can only speak on behalf of the US) you can write off those thefts as losses on your taxes. It certainly wouldn't make you whole again, but getting a slight tax break (likely over multiple years depending on the quantity lost) is better than absolutely nothing. Everything was actually very clear throughout the entire list. I wouldn't have guessed English wasn't your first language. So, very good =).
  7. I don't want to incite fear if they do actually have a handle on things, but I wouldn't assume that everything is safe until we have an official statement from GateHub on what they definitely know. It's still pretty advised to move the funds off if they're anything significant (honestly, probably anything over a few hundred is worth safeguarding). The peace of mind alone should be worth it. My concern with this kind of statement is that it isn't a "we can guarantee you're not at risk". We've seen the list of people expanding beyond what was initially thought, so it seems like there may be more at risk that haven't been affected just yet.
  8. I wanted to have some respect for at least making it public, but I am a bit sad that it is a clone of what was already provided to us here. Stating there's only "58" wallets affected was inaccurate almost immediately after it was posted to us here since we still had people stop in and mention that they were compromised as well. Sending an email to "all users that might be affected" isn't really enough if it isn't a guarantee that they are the only users that could be affected. It's absolutely a tough time for everyone involved, but people need to know how dangerous this is. It sounds like it's been going for days and the issues are still rolling out. It sucks to suggest that people all move their funds off GateHub entirely in the meantime, but this is time sensitive and people's funds should be safeguarded in any way while it's an unknown how or what all is at risk. This is different than an exploit at an exchange because GateHub can't lock down all wallets until they figure things out; they also can't (or shouldn't be able to...) move all the funds to a safe wallet later either. This has to be done per-person and as soon as possible.
  9. FYI: You can receive without the device plugged in. No authorization or authentication is required to receive. Correct. Hardware wallets like the Ledger Nano S aren't anything more than a gated way to send XRP from your wallet. The wallet created on the Ledger Nano S never tells you the secret key, so it's practically impossible for anyone to steal from that wallet without one of two things: they either need your Ledger and need to know whatever simple passcode you use to unlock it; or they need to know your 24-word recovery phrase to be able to recover the wallet onto another device. When you try to make a transaction to send XRP from that wallet, the Ledger is needed to affirm the transaction so that it actually processes the send using the secret key that only it has. To my knowledge, even malware on your computer isn't capable of stealing the secret key from the Ledger when connected since everything is "military-grade" encrypted. GateHub is based in London, so it's an international issue if it were to involve a legal system. Certainly still worth reporting, but it's not as simple if it comes down to finding GateHub negligent in some manner.
  10. They can't shut down withdrawals because they're not a holder of the wallet. It sounds like these thefts are because someone has access to not only the wallet, but the secret keys themselves. They could go into lockdown with APIs and logins if they felt it was still being abused right now, but it sounds like the consensus so far is that whoever has access to those items already has them locally. So, truly the only safeguard when someone has your wallet and potentially your secret key is to re-key the wallet (I don't know the technical background of the steps or risks involved there) or to just transfer the money to a different wallet and consider that one useless (until you can re-key?). The withdrawal disabling happens mainly with exchanges because they are the only ones with access to the secret key and you're just basically in control of some funds in their wallet via your account.
  11. I agree that some passwords can be trash and still use numbers, letters, and special characters. For example, "password11!!" has shown up 54 times in the few breaches mentioned by HaveIBeenPwned. However, if their password is exclusively used for that one account and it doesn't show up as a password in any of the known password lists, I think it should be considered reasonably safe. If you're the only one to use "password22@@", then you aren't going to be in a predefined list of passwords to brute force and check first, so it's going to take at least a bit longer unless the pattern in the brute forcing is designed in a way to try all variations from the known list that seem reasonably close. There are definitely a lot of "ifs", which is why I'd hope we can affirm if anyone used a diceware or password management software.
  12. He did mention some information about his password a few pages back. I tried asking a day or two ago if anyone was using password management software (Lastpass, Dashlane, 1Pass, etc.) as those would also be pretty immune to brute force. The moment cjeremys2 mentioned he was affected, but his password is what it should be to be considered safe, that means that this isn't solely a password issue. It certainly could involve it with some people, but I feel the nature for which they've been taking XRP would be pretty consistent. So, it's probably worth skipping password assumptions and focusing on other ways that they obtained secret keys.
  13. It does almost seem like everyone is susceptible if some of the theories mentioned here are true. Especially if we're seeing feedback from people like @Geekluca mentioning that even smaller wallets are still being cleared days after acknowledgement. Unless they've guaranteed who all is potentially or may be affected in the upcoming days, then it seems like it would make sense to have everyone prepare proactively. I have no experience with "re-keying" a wallet, so maybe that is the solution that's free. However, not everyone will be up for just moving all the funds out since the 20XRP reserve is still required to stick around. It's a small sacrifice, but I suppose it's worth it if you have more than 100XRP stored there. Forgot to mention that I made my account in December, 2017. I wasn't sent any sort of email from GateHub in regards to these issues, in case that helps with timeframes or who all may have received an email.
  14. A lot of respect for you and everyone else involved with researching this. I don't know much of the backstory, but my impression here is it's something you all are doing out of a courtesy and you weren't hired to do this sort of research. Regardless of if that's true, that's amazing that there are people working behind the scenes to essentially help people on the Internet.
  15. There's one or two including me but it's premature to bring in lawyers. You're absolutely right. There are so many factors still being looked into before anyone can point fingers and carry pitchforks. The more people stopping by and giving fresh insight is certainly helping figure out where the issues may have arisen from. Honestly, it's likely that the aggregate feedback of people here has helped isolate out some possibilities, making it easier for GateHub to figure out what's going on. They can work on investigating if they see anything logged behind-the-scenes, but it helps having first-hand experience for them to not waste time looking into the wrong thing. Things like sharing that there were no "suspicious login" emails suggests that they probably don't need to assume it's just a password breach; or the statements that it seems that it's happening almost exclusively to high-value accounts suggests that they have access to a wallet list to find who to focus on for the highest yield. Also, as a sidenote, lawyers aren't all going to be specialized and knowledgeable in every aspect of law. For example, if someone does family law exclusively, they're not going to have very much to suggest on this matter outside of some best practices. It's the same reason why people in the IT field are assumed to be specialists in both hardware and software xD.