Jump to content

pvap

Member
  • Content Count

    15
  • Joined

  • Last visited

About pvap

  • Rank
    Regular

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. So, this means they're decrypting secret keys from people who have used the same e-mail/password in some other sites. Thus, no need for a brute force attack, and in this scenario it doesn't matter how strong your password is. In principle, people that have used a unique password to access their accounts in Gatehub should be safe. Either way, if you are looking to keep your funds in Gatehub (not advisable), an additional protection method for people that have reused the same password accross several sites is the following: 1- Change your Gatehub password now to something never used before. This will force your current secret key to be encrypted with different data. Perpetrators can still decrypt your secret key, because they're in the possession of your old encrypted secret key + old password. Because of this, we have step two; 2- Now create a new wallet in gatehub, which will be encrypted with your NEW password only, and transfer all your funds there. I find it difficult to brute force all the encrypted keys even offline... with a strong password it would take centuries to achieve this, even with a powerfull processing machine. It amazes me how anyone can access the decryption algorithm that Gatehub is using just by looking at the source code of the browser during the "show secret key" request. Enej revealed this back in 2016, when explaining how a user could retrieve his own secret key identity from the site. The browser does all the decryption work! And this is probably how the hacker learned the algorithm. Good luck to all the victims... gatehub is definitely at fault here.
  2. Forget about 2FA. Your secret key is merely encrypted and saved in one of gatehub’s database servers. The only way to decrypt it is through the use of your password, with some unknown algorithm. This is why you can view your secret key just by inputting your password on the site. Someone probably managed to retrieve all of gatehub’s database encrypted secret keys, and then brute forced the heck of them offline. The secret key just needs to start with an ‘s’ and have a fixed number of characters. It was an inside job I guess... only way to know the decryption algorithm! I remember there were some tech guys leaving gatehub a year ago.... That’s why this is happening with old accounts only. As I said, someone probably left the company a while ago and took all the encrypted secret keys with him. This person has probably been bruteforcing the decryption of these keys offline for quite some time now. It’s just a two stepper really: 1- Bruteforce all the encrypted secret keys offline, with a powerfull processing machine; 2- Save all the decrypted secret keys starting with a ‘s’ and having a fixed number of characters; 3- Translate this list of secret keys to the corresponding public addresses; 4- Check their balances; 5- Steal everything you can; Hopefully the hacker has no access to recent encrypted keys in gatehub’s database servers, since he’s left the company already... but others do! That’s why I highly advise you to take your xrp off there and put it in cold storage. Regards
  3. Hello sir! Yes, that’s exactly what I’m scared of.
  4. Hello all, As everyone is already aware, SEC published a so called "Framework for Analysis of Digital Assets" document a few days ago. I've read it diagonally and there were red flags for XRP everywhere. You may have a different interpretation though. Because of this, some speculation came to light in the zerpbox, which I'm now bringing to the masses. This is JoelKatz wallet address: https://bithomp.com/explorer/r3gRpQRDdu7pzPhM9nDmXMgskbJ6vwTDbB Looks like he's been dumping his funds in coinbase recently. If we look closer into his past, you'll notice this tweet of his promoting Ripple: https://mobile.twitter.com/JoelKatz/status/944292967811919872 Remember the "two household names"? Right around this time he dumped millions of XRP into bitstamp. Take a look into the bithomp transaction history above to confirm this. We had a member of the community confronting him in twitter just today: https://mobile.twitter.com/DariStar2/status/1117634885332688897 I'm not keeping my hopes up that he'll reply though... It was mentioned by another user that Nick Bougalis (working for Ripple, and good friends with Joelkatz) was doing the exact same thing, but no wallet address was posted (maybe someone else in this forum knows it). And last, but not least, Joelkatz himself once stated that most Ripple employees had their bags either in cold storage or in Gatehub. Well then, check this recent transaction history from one of the whales: https://bithomp.com/explorer/rHBJhToGaESqiV9K1wydyoSPZNn7K2CcM3 What conclusions can we make from this information? Feel free to add anything I may have missed. Regards, pvap
  5. "The transaction failed because the provided paths did not have enough liquidity to send anything at all. This could mean that the source and destination accounts are not linked by trust lines." Reference: https://developers.ripple.com/tec-codes.html
  6. It's not a coincidence that Ripple's executives keep using these as examples for their use case. This time they've blended it in with a new article on Ripple's official site: https://ripple.com/insights/a-vision-for-the-internet-of-value/ A good read.... Regards, pvap
  7. Well, if you have to put it like that... then my second guess is.... https://www.ripplefoods.com
  8. Well, Google Ventures invested both in Ripple and Uber. So, I definitely have my bets on Uber as being one of them.
  9. Some of the trophies are unrelated to the "puzzle transaction". They were reported in the following dates: - 2017-03-30 01:18:00 UTC - 2017-01-16 05:20:19 GMT - 2016-10-11 03:00:34 GMT Of course, these could've been created by the project founder himself, to raise suspicion. But there's no concrete evidence of this. Still, I think it's an interesting subject to follow.
  10. Let me just add that if anyone is interested in knowing a little more about the algorithm that they're using behind the curtains, here's a good read: https://lbc.cryptoguru.org/man/theory I think the threat is very real, and honestly a bit upsetting.
  11. Well, that statistic was from his sole computational effort only. The project than evolved to become distributed. 54 hits in 1,5 years is impressive!
  12. I believe they're covering all the private keys in a 2^160 range. Something running in their favor is the fact that a public address can be generated from more than 1 private key (theoretically). So, we don't need to hold the original private key that was used to generate the public key. We just need a matching one.
  13. Hello everyone, New here... but I've been lurking for a while now. The other day I came accross this project: https://lbc.cryptoguru.org/about Basically, it's a distributed effort whith the purpose of creating private keys and matching them against a pre-defined list of BTC addresses holding funds on them. What amazes me is the fact that they've succeeded in doing so... 54 times already (check the trophies section)! I'm not going to discuss the algorithm being used here, nor if it would be more rewarding to put the computational effort into mining instead. But for anyone that's interested, just check the above link, or these two more references: https://bitcointalk.org/index.php?topic=1555043.0 https://bitcointalk.org/index.php?topic=1573035.1060 So, my question is... is Ripple vulnerable to a similar attack? Regards, pvap
×
×
  • Create New...