Jump to content

Warbler

Platinum Member
  • Content Count

    349
  • Joined

  • Last visited

  • Days Won

    2

Reputation Activity

  1. Like
    Warbler reacted to Fleshmeister in Binance, Ripple and Tron work together to reduce period poverty   
    https://finance.yahoo.com/news/binance-ripple-tron-together-reduce-112449736.html
  2. Like
    Warbler reacted to Hodor in XRP News Update: June 21st, 2019   
    Blog URL:  https://coil.com/p/Hodor/XRP-News-Update-June-21st-2019/5jVJvC10y
    The MoneyGram deal and Facebook continue to grab headlines, but I cover all the other major news impacting XRP in my latest blog.  
    𝐆𝐞𝐧𝐞𝐫𝐚𝐥 𝐁𝐥𝐨𝐜𝐤𝐜𝐡𝐚𝐢𝐧 𝐍𝐞𝐰𝐬: The Token Taxonomy Act has two new sponsors & I encourage people in the US to write their local Representative!
    𝐑𝐢𝐩𝐩𝐥𝐞 𝐍𝐞𝐰𝐬: Bloomberg's interview with Brad Garlinghouse is watched by 150 thousand twitter users; Brad Garlinghouse participates in a chat at the Fortune 'Brainstorm Conference' in Monkau, NY; a former SEC exec joins Ripple; and Interledger publishes the remaining videos from the ILP Summit in April.  
    𝐂𝐨𝐢𝐥 𝐍𝐞𝐰𝐬:Coil announces their 'Boosting Payout' program and provides an application for those authors interested; and I provide my latest Coil recommendations.
    𝐗𝐑𝐏 𝐍𝐞𝐰𝐬: Wietse Wind upgrades the XRP Tip Bot (application) with higher limits; Leonidas reminds users that XRP Arcade has an option to keep up-to-date on the latest tweets; and CryptoDotCom announces that their 'Crypto Earn' program is now available for all US customers.  
    I hope you enjoy the read: Please feel free to share my blog with a friend or share it on any other platform - and thanks for doing so!  
    My blog announcement links on other platforms:
    Twitter Reddit r/Ripple Reddit r/CryptoCurrency Reddit r/CryptoMarkets Reddit r/xrp Reddit r/RippleTalk Reddit r/alternativecoin Reddit r/CoilCommunity Bitcointalk - alt coin sub forum Bitcointalk - XRP speculation thread
  3. Thanks
    Warbler reacted to Hodor in XRP News Update: MoneyGram on Front Page   
    Blog URL:  https://xrpcommunity.blog/xrp-news-update-moneygram/
    Ripple makes a dramatic market move, partnering to upgrade MoneyGram's international payments! Read more in my latest blog:
    𝐑𝐢𝐩𝐩𝐥𝐞 𝐍𝐞𝐰𝐬: Ripple announces their new partnership with MoneyGram; CIMB produces a new commercial that emphasizes it 'runs on Ripple;' and Ripple releases a video for the International Day of Family Remittances;
    𝐗𝐑𝐏 𝐍𝐞𝐰𝐬: Ripple sponsors a new site for collaborative XRPL documentation; Standing Ovation decides to support XRP payments; Paralect assists goLance with accepting XRP as a form of payment; Secalot and Ledger hardware wallet logins can be used at Bithomp; and two exchanges - Bgogo & OceanEx - now support multiple XRP pairings.
    I hope you enjoy the read: Please feel free to share my blog with a friend or share it on any other platform - and thanks for doing so!  
    My blog announcement links on other platforms:
    Twitter Reddit r/Ripple Reddit r/CryptoCurrency Reddit r/CryptoMarkets Reddit r/xrp Reddit r/RippleTalk Reddit r/alternativecoin Reddit r/CoilCommunity Bitcointalk - alt coin sub forum Bitcointalk - XRP speculation thread
  4. Like
    Warbler got a reaction from BBS in Bithomp   
    Bithomp now supports sending XRP with Secalot!
    https://www.youtube.com/watch?v=2l1gsKMTcoM&
    https://bithomp.com
    Send XRP with Secalot Hardware Wallet

  5. Thanks
    Warbler got a reaction from BBS in Bithomp   
    New video released: How to rekey your xrp wallet using bithomp-tools
     
  6. Like
    Warbler reacted to Sukrim in regular key / multi-sign key   
    This is not a bug, it is a feature. You don't sign something with an activated account, you just need a key pair.
  7. Haha
    Warbler reacted to nikb in Improve the level of security of a xrp account   
    Uhm... what?
    Assuming a brute force attack is the most efficient way, then if you had a trillion computers, each capable of testing 1 trillion keys per second, it would (on average) take them almost 6 million years to find the key.
    Don’t hold your breath.
  8. Like
    Warbler reacted to Kakoyla in I have set a regular key for my account, but forget secret key pair with regular key   
    The first set regular key transaction per account is free, you don't have to pay the 10 drop fee. After you set one regular key this flag flips to spent, you used your free one. If you paid for your first set regular key, you do not get a free one next time. One chance only per account. 
    Examples :
    spent with no fee paid for 1st-  https://test.bithomp.com/explorer/r4jJwo1QNxvESLxQ5njTAcEsUGuM6rs2um
    Spent with fee paid for 1st- https://test.bithomp.com/explorer/rPmn6jRquyPjLPGKyyQzfpqvwpVqoa6fUr
     
  9. Like
    Warbler reacted to Flintstone in Where are we all from?   
    Hello @HumphreyBear   Revolut (SEPA Transfer) -> Bitstamp is my preferred method and an offline wallet created with Bithomp Tools.
    You can also buy XRP on Revolut but it is non withdrawable.
  10. Like
    Warbler reacted to xrptipbot in a few user reported their gatehub wallet been hacked and XRP sent to r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k   
    Not really, their encryption and decryption is in public JS source. All the required params to decrypt are in their database and your session after logging in.
    When unpacked it looks like this:

  11. Like
    Warbler reacted to Pablo in a few user reported their gatehub wallet been hacked and XRP sent to r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k   
    @JillianIf you are comfortable sharing more information, there is a private club set up on XRPChat for victims of this hack. @Silkjaer or @alloyxrp can arrange invites for you.
  12. Like
    Warbler reacted to FlyingFox in a few user reported their gatehub wallet been hacked and XRP sent to r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k   
    Refer to Warbler’s post towards end of page 36 - you can use his Bithomp Tools to do exactly that. Online at: https://bithomp.github.io/bithomp-tools/
    but even better if you can download this (link to download is on page above too), put on USB stick and perform required signing actions on an offline computer.  You can then submit the signed transaction by taking the signed transaction it gives you to an online computer and submitting it to Bithomp.com as well (select the submit transaction option)
     
  13. Like
    Warbler reacted to pftq in New Ripple client/wallet: The World Exchange   
    In light of Gatehub's recent hack, I'm considering whether to rename The World Exchange so that it's more clear that this really has no back-end and doesn't store your keys, not even encrypted.  I already replaced the tagline and footer to make it clear that this "exchange" operates directly on Ripple's blockchain with no intermediary server.  I actually have the domain https://www.rippleclient.com/ but that might lead to confusion with the older min ripple client.  If there are other ideas, let me know.  I think when I built this, it was during a time that was still vague for how best to describe blockchain to the public, but things have changed obviously. 
    I've also suggested to a few people at Ripple Labs to perhaps change the RippleTrade page to link to wallet tools like this and Bithomp instead of Gatehub, but had no luck there.  IMO tools like this are much closer in spirit to the original RippleTrade which also didn't store or process any of your information (they processed your activities directly to the Ripple network and didn't store your keys, encrypted or not, anywhere).
    It bothers me that there's no real clarity to users what tools are actually "wallets" and what are actually centralized servers storing your keys.  If you search "XRP Wallet" on Google, one of the first things that come up is Gatehub, instead of something like Bithomp, Toast Wallet, or the tool here.
  14. Thanks
    Warbler reacted to Bitrookie007 in a few user reported their gatehub wallet been hacked and XRP sent to r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k   
    For all victims that have not filed a complaint with a LEA yet => make sure you do so ! Legal action is a very important signal and might be a precedent for the future or rules that are being made !!!
    Everyone who already filed a complaint => make sure you have added all relevant information to your case for a complete report ! Please also share the number and jurisdiction of your complaint for other victims.
    Please also send a message to @Silkjaer or @alloyxrp to be added to a specific group to share your information !
     
    What I would suggest:
    1. Make sure you have a very thorough statement/declaration. This is the most important part since it is the first thing that is read by magistrates of the court. It might also help the police officer that files your complaint to better understand what happend/is happening. Not everybody knows blockchain or xrp.
    2. Normally you always have the right to add additional information/self written declaration/documents/anything usefull/... to your case. I would suggest you make sure to include a list of the main adresses that were used by the 'hacker' to flush xrp out of all the accounts. Most important the one that was used to flush out YOUR xrp (signaling in the system/criminal database)
    3. If you have received any relevant information from Gatehub, add it.
    4. Define the exact amount of your loss in your local currency. (at the exact time the xrp were stolen). Just 'a number' of xrp doesn't say a lot about the monetary value you have actually lost. You can also add a print from Bithomp or your wallet that can prove wich amount of xrp was drained from your adress. Normally people need to add a bank statement to prove their loss but this will do for this case.
    5. In Belgium we have a document called 'verklaring benadeelde persoon'. This is added  as an attachment to the complaint and is signed by the victim. This means you want to receive updates from the court what happens with your case. I don't know if such thing exists in other countries? If it exists, make sure to ask about it.
    6. Print the following article from Silkjaer and add it (https://medium.com/xrp-forensics/overview-of-the-gatehub-hack-f88a441c9203) might help the court and officers to understand the size of the case. Other press related articles might also be relevant but make sure the information is correct. I would also suggest that you add the most recent visual graph that Silkjaer has made. It's always better to have a visual representation to see how the paterns work.
    It's also nice to know wich exchanges/services were used to launder the xrp. If the exchange or service is based in your country, the court might be able to send a claim. They are then obliged to provide personal information about accounts,identity, bankaccounts, ... that were used to launder the xrp. All this information is logged so you always have a digital footprint !
    7. Add all case numbers you know from complaints filed by other victims. CLEARLY STATE THEIR COUNTRY/JURISDICTION !!!
    8. If @Silkjaer or the people from Xrpforensics can and are willing to share relevant information with LEA, give them their e-mail (info@xrpforensics.org). Please do ask them first if they are willing and are able to do that.
    9. If you lost a significant amount of money,  go speak to a lawyer and see if you have other available options in your country. There are options to urge that the court does something with your case (might cost you some money). In Belgium there are services where you can go for a free (basic) legal advice. Maybe such things exist in other countries. Make sure to check it out.
    10. Ask the police officer if there is anything else from information that you are able to provide that might help your case. Might be specific for certain countries since I don't know the exact way they work.
    11. If the officer doesn't know about xrp, explain him/her that all addresses are public and can be found with the right 'tools'. (Bithomp etc.)
    12. If you need to speak to someone about what happened, please do so ! Your wellbeing and health are important. Speak with friends, family, someone you trust or specialized services. Some people lost life changing money and this will affect you one way or another.
     
    footnote:
    I hope my English is good enough for everyone to understand what I mean. I apologize in advance for any mistakes or words used in a wrong context since my mother tongue is Dutch.
    Please also note that my suggestions might be biased since I work for a LEA in Belgium ! Things might be totally different in other countries.
  15. Like
    Warbler got a reaction from pucksterpete in a few user reported their gatehub wallet been hacked and XRP sent to r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k   
    It's might be easier and quicker just to create a paper wallet and move funds into it. Though 20 xrp will be locked as a base reserve on the new paper wallet.
    paper wallet is open sourced, you can download it from github: https://github.com/Bithomp/xrp-paper-wallet
    Otherwise you're right, though it can be a bit more complicated/secure
    It's more secure to download software like wallet generator, paper wallet or bithomp tools and then transfer them to an offline computer/phone/tablet/rasberyPi which will be never be online, and then do all the operation with the secrets there, offline. Bithomp tools supports offline mode.
    For a smaller amounts, if the computer is secure, you can use a private mode in browser.
    xrp-wallet-generator also open sourced and available on github to download:
    https://github.com/Bithomp/generate-xrp-wallet
    same for bithomp tools: 
    https://github.com/Bithomp/bithomp-tools
     
     
  16. Like
    Warbler reacted to alloyxrp in a few user reported their gatehub wallet been hacked and XRP sent to r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k   
    Thank you for the kind words. Please do visit the public graph database at xrpgraph.com @Silkjaer is IMO the undisputed champion in visualization of the XRP ledger. His work has proven useful in as diverse areas as creating stunning art, to analysing patterns in scams on the XRPL.
    https://medium.com/@silkjaer/the-full-xrp-ledger-visualised-55d2b10fade8
    https://www.forbes.com/sites/thomassilkjaer/2019/04/05/the-dark-side-of-cryptocurrencies-scams/?ss=crypto-blockchain#13e26e566c94
  17. Like
    Warbler reacted to alloyxrp in a few user reported their gatehub wallet been hacked and XRP sent to r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k   
    We also encourage people to visit the page at https://xrpforensics.org/list . This is a human readable form of our API that tracks potential scam addresses. The methodology consists of painstaking manual visual verification of scam sites (with screenshots) combined with algorithms to find related scam addresses.
    This is not related to our analysis of the current issue faced by Gatehub customers.
    We also post information as soon as we come across a scam or phishing site via our Twitter handle @xrpforensics .
    We are ever open to receiving additional information by victims, whistleblowers and concerned community members at our mail ID info@xrpforensics.org .
    Please note that we read every single mail. Our responses may not be immediate simply because we are a volunteer group and need to manage our time accordingly.
  18. Like
    Warbler reacted to Bitrookie007 in a few user reported their gatehub wallet been hacked and XRP sent to r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k   
    Long time lurker here but decided to finally create an account.
    First of all i feel terrible for all the people who lost their xrp. I hope the person who did this can be found and all the zerps can be reimbursed to their rightfull owners.
    @Silkjaer & @alloyxrp keep up the good work with xrpforensics. As an active LEO I find the things you guys do very, very interesting. I believe blockchain is the future and we can't know enough about how to 'read' patterns and track stolen funds. Also wondering what kind of software you guys use to create the awesome visual graphs.
     
  19. Like
    Warbler reacted to alloyxrp in a few user reported their gatehub wallet been hacked and XRP sent to r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k   
    Unfortunately we cannot answer the question of getting the XRP back.
    However, we do again urge all victims to make a law enforcement complaint. Remember, the more complaints there are, the greater the possibility of a coordinated effort by multiple agencies to track down the perpetrators.
    On behalf of xrpforensics.
  20. Like
    Warbler reacted to Hero_Member in a few user reported their gatehub wallet been hacked and XRP sent to r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k   
    so yes, probably Chloe and Dave got hacked. The hackers activated accounts with the stolen XRP.
  21. Like
    Warbler reacted to Silkjaer in a few user reported their gatehub wallet been hacked and XRP sent to r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k   
    On June 1 we were made aware of a theft of 201,000 XRP (transaction F6E9E1385E11649A6C2F88723A821AF209B54030886539DCEF9DDD00E6446948) and immediately started investigation. It turned out that the account robbed was managed through Gatehub.net, and that the offending account (r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k) had stolen substantial amounts from several other XRP accounts, likely to be or have been managed through Gatehub.net.
    The same day we made contact to Gatehub to make them aware of the potential security breach while continuing our independent investigation and contacting exchanges where the offender appeared to have laundered money.
    On further investigation, we found several other accounts connected to the theft, leading us to 9 primary suspect accounts:
    rU6EsDCiHHYbTtA4uGGo8zaaiRz2sbDBST rN5Gm1FijbTVeYFfpTRfGKfNZQY7hc9TbN rprMix9uYyQng5vgga1Vg8HTeBMCzaeM2i rUvPCdYJMzzGu9AFKrNeKgCTpxrpFc3RHt rJpKe5rbjgzzGJc1wm1xqKj6j4UjBQ6s48 rGSWKo2oiJnJiPEoHvDZTK2XG7RtE62Cbh rpBDxqWArAQTEfPeWwkUvBh1cbc885nirX r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k rKZ14F9KT65chQ382M33U41a4eniGMAyfG From analysing the data, we found the first likely victim to be 10,000 XRP (transaction 30FBBD47F6791A00BF0C1DCFF6CBD8AECBF9EF71141544C031B8FAF3EACB4C41) on 2019-05-30 12:25:40 UTC.
    As of writing this report, 2019-06-04 12:30 UTC, we gather that ~21,700,000 XRP has been stolen from 50-60 victims, of which ~12,300,000 have already been laundered through exchanges and mixer services.
    We have while conducting the investigation kept contact with some of the victims, with Gatehub and with the exchanges used for laundering.
     
    Scenarios
    While there is still no conclusive evidence pointing to the centre of the attack, here are scenarios researched in our investigation:
    1. Gatehub account hacks
    From analysing access logs by victims and transactions made on the XRP ledger, it does not appear that any accounts were breached on gatehub.net directly, using client login credentials.
    2. Phishing
    From interviewing victims, it does not appear that any of the victims had been victims of phishing attempts through, e.g. e-mails impersonating Gatehub.net
    3. Repeating nonce
    Since all victim accounts are older than December 2017, and while old accounts are more likely to be vulnerable to bad encryption implementation by transaction signing software, it seems not to be the case. To our knowledge, only a handful of accounts are vulnerable to this attack, none of which is the victims of this case.
    4. Incremental nonces
    While repeating nonces do not seem to be the core of the attack, it is still a possibility that a poorly implemented signing library has used incremental nonces, which makes brute force hacking a possibility. We have not been able to confirm or deny this theory.
    5. RippleTrade migration
    Since all victim accounts are older than December 2017, and many carry a RippleTrade username, bad practice in handling migration of user accounts could be the cause of the account access – however, it does not appear that all accounts are old RippleTrade accounts. Hence this is also unlikely.
    6. Browser client hacking
    While it is possible to retrieve user information by exploiting a vulnerability in the Gatehub.net API, we find it improbable to be the cause of the attacks. The victims are spread globally, and any such attacks would likely occur by sniffing access on a shared WiFi.
    7. Old database leak
    Since Gatehub.com is a hosted wallet provider, they store encrypted private keys. It is possible that an unknown database leak in the past has been exploited and private key brute forced offline until the offender found the funds retrievable sufficient.
     
    Exchanges and platforms used to launder money (not complicit)
    We have identified some of the largest recipients:
    changelly.com: 6,064,900 changenow.io: 2,976,192 kucoin.com:    1,081,500 huobi.com: 930,000 exmo.me: 136,940 hitbtc.com:    115,028 binance.com: 111,000 alfacashier.com: 58,000  
    Overview

    Yellow: Exchanges and accounts used to cash out exchanges
    Blue: Victims
    Red: 9 suspected accounts
    Note: A few victims may have not been channeled through the suspect accounts and have had funds sent directly to exchanges.

    A theft that involves multiple victims needs to be handled via law enforcement in various countries. We strongly advise victims to file a complaint with relevant authorities in their jurisdictions.
    On behalf of XRP Forensics
    https://xrpforensics.org
    (Public members: @alloyxrp, Bithomp, @Silkjaer)
  22. Like
    Warbler reacted to gatehub in a few user reported their gatehub wallet been hacked and XRP sent to r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k   
    We want to make it absolutely clear that:
    hosted wallets have not been compromised our cold storage has not been compromised  only a limited number of users that we have sent emails to might have been compromised We will keep you posted.
  23. Like
    Warbler reacted to gatehub in a few user reported their gatehub wallet been hacked and XRP sent to r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k   
    Dear valued community members,
     
    Recently, we have been notified by our customers and community members about funds on their XRP Ledger wallets being stolen and immediately started monitoring network activity and conducted an extensive internal investigation.
    Although we have not identified any action or omission by GateHub that may have facilitated or allowed this apparent theft to occur, we apologize deeply to all of our customers for this issue and pledge to get to the bottom of it.
    We already sent out an email to all users that might be affected as a result of suspicious API calls with instructions on how to protect their funds.
    If you received an email from us, please read it carefully and act accordingly.
    If you have not received an email from us, then we have no reason to believe your account was compromised.
    While the investigation is still underway and we can not post any official conclusions just yet here are a couple of findings so far.
    API requests to the victim’s accounts were all authorized with a valid access token. There were no suspicious logins detected, nor there were any signs of brute forcing.
    We have however detected an increased amount of API calls (with valid access tokens) coming from a small number of IP addresses which might be how the perpetrator gained access to encrypted secret keys.
    That, however, still doesn’t explain how the perpetrator was able to gain other required information needed to decrypt the secret keys.
    All access tokens were disabled on June 1st after which the suspicious API calls were stopped.
    At the moment we estimate that 58 XRP Ledger wallets were compromised. So far it looks like all the victims had their XRP Ledger wallets hosted on GateHub, but we cannot yet rule out that some wallets were not.
    To conclude the investigation as soon as possible, we are working closely with a professional IT forensics team to determine whether our system was compromised or not.
    Appropriate Law Enforcement Agencies were also notified about these thefts, and we will work diligently with them to help track the perpetrator who did this.
    We will post an official statement after the internal investigation has been completed.
    Last but not least, we would like to thank the community for offering continuous help.
    If you have any information that might help us or law enforcement agencies, please contact us via security@gatehub.net.
     
    Enej Pungercar
    Founder and CEO, GateHub
  24. Like
    Warbler reacted to Silkjaer in a few user reported their gatehub wallet been hacked and XRP sent to r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k   
    Reminder: There is no direct evidence pointing to Gatehub being responsible even though it may appear as the most likely scenario right now. Just be careful about jumping to conclusions

    What you can do right now, however, is preparing for action to be taken in all circumstances:
    If you are afraid that your funds are insecure, move them to a new account or re-key your current account. If you have lost funds, file a police report. Even though it may seem to not help immediately, it will require international law enforcement collaboration to investigate this – and rather have a report filed and "be in the system" than not. If you have any knowledge about phishing attempts (fake Gatehub emails) and similar, share it with them. Gatehub are surely conducting an internal investigation!
    I also belong to a small group of people who have been following this closely since the first reports came out, conducting our own independent investigation and monitor all transactions related to the heist, being in touch with exchanges where funds have been moved, analysing access logs provided by victims. We will share all information and leads we have with law enforcement agencies and assist in any way we can.
  25. Like
    Warbler reacted to Silkjaer in a few user reported their gatehub wallet been hacked and XRP sent to r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k   
    All reports to law enforcement is beneficial! 
×
×
  • Create New...