Jump to content

Xrphunter

Silver Member
  • Content Count

    1,270
  • Joined

  • Last visited

  • Days Won

    8

Reputation Activity

  1. Thanks
    Xrphunter reacted to Silkjaer in a few user reported their gatehub wallet been hacked and XRP sent to r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k   
    On June 1 we were made aware of a theft of 201,000 XRP (transaction F6E9E1385E11649A6C2F88723A821AF209B54030886539DCEF9DDD00E6446948) and immediately started investigation. It turned out that the account robbed was managed through Gatehub.net, and that the offending account (r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k) had stolen substantial amounts from several other XRP accounts, likely to be or have been managed through Gatehub.net.
    The same day we made contact to Gatehub to make them aware of the potential security breach while continuing our independent investigation and contacting exchanges where the offender appeared to have laundered money.
    On further investigation, we found several other accounts connected to the theft, leading us to 9 primary suspect accounts:
    rU6EsDCiHHYbTtA4uGGo8zaaiRz2sbDBST rN5Gm1FijbTVeYFfpTRfGKfNZQY7hc9TbN rprMix9uYyQng5vgga1Vg8HTeBMCzaeM2i rUvPCdYJMzzGu9AFKrNeKgCTpxrpFc3RHt rJpKe5rbjgzzGJc1wm1xqKj6j4UjBQ6s48 rGSWKo2oiJnJiPEoHvDZTK2XG7RtE62Cbh rpBDxqWArAQTEfPeWwkUvBh1cbc885nirX r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k rKZ14F9KT65chQ382M33U41a4eniGMAyfG From analysing the data, we found the first likely victim to be 10,000 XRP (transaction 30FBBD47F6791A00BF0C1DCFF6CBD8AECBF9EF71141544C031B8FAF3EACB4C41) on 2019-05-30 12:25:40 UTC.
    As of writing this report, 2019-06-04 12:30 UTC, we gather that ~21,700,000 XRP has been stolen from 50-60 victims, of which ~12,300,000 have already been laundered through exchanges and mixer services.
    We have while conducting the investigation kept contact with some of the victims, with Gatehub and with the exchanges used for laundering.
     
    Scenarios
    While there is still no conclusive evidence pointing to the centre of the attack, here are scenarios researched in our investigation:
    1. Gatehub account hacks
    From analysing access logs by victims and transactions made on the XRP ledger, it does not appear that any accounts were breached on gatehub.net directly, using client login credentials.
    2. Phishing
    From interviewing victims, it does not appear that any of the victims had been victims of phishing attempts through, e.g. e-mails impersonating Gatehub.net
    3. Repeating nonce
    Since all victim accounts are older than December 2017, and while old accounts are more likely to be vulnerable to bad encryption implementation by transaction signing software, it seems not to be the case. To our knowledge, only a handful of accounts are vulnerable to this attack, none of which is the victims of this case.
    4. Incremental nonces
    While repeating nonces do not seem to be the core of the attack, it is still a possibility that a poorly implemented signing library has used incremental nonces, which makes brute force hacking a possibility. We have not been able to confirm or deny this theory.
    5. RippleTrade migration
    Since all victim accounts are older than December 2017, and many carry a RippleTrade username, bad practice in handling migration of user accounts could be the cause of the account access – however, it does not appear that all accounts are old RippleTrade accounts. Hence this is also unlikely.
    6. Browser client hacking
    While it is possible to retrieve user information by exploiting a vulnerability in the Gatehub.net API, we find it improbable to be the cause of the attacks. The victims are spread globally, and any such attacks would likely occur by sniffing access on a shared WiFi.
    7. Old database leak
    Since Gatehub.com is a hosted wallet provider, they store encrypted private keys. It is possible that an unknown database leak in the past has been exploited and private key brute forced offline until the offender found the funds retrievable sufficient.
     
    Exchanges and platforms used to launder money (not complicit)
    We have identified some of the largest recipients:
    changelly.com: 6,064,900 changenow.io: 2,976,192 kucoin.com:    1,081,500 huobi.com: 930,000 exmo.me: 136,940 hitbtc.com:    115,028 binance.com: 111,000 alfacashier.com: 58,000  
    Overview

    Yellow: Exchanges and accounts used to cash out exchanges
    Blue: Victims
    Red: 9 suspected accounts
    Note: A few victims may have not been channeled through the suspect accounts and have had funds sent directly to exchanges.

    A theft that involves multiple victims needs to be handled via law enforcement in various countries. We strongly advise victims to file a complaint with relevant authorities in their jurisdictions.
    On behalf of XRP Forensics
    https://xrpforensics.org
    (Public members: @alloyxrp, Bithomp, @Silkjaer)
  2. Like
    Xrphunter reacted to peanut56 in When Ripple IPO?   
    I think when maturity is reached an IPO will be offered in order to make the original share holders very rich. Even though Ripple is a private company they still will have to answer to the people who originally invested in the company. With that strategy in mind  I would speculate that Ripple would offer an IPO after near full XRP adoption, to bring public awareness to the product in order to cause full adoption, or when it is just time to establish Ripple as the next google, and so on.
        I hope Ripple will have an IPO after XRP is in the hundreds or thousands of dollars per xrp so we can all by shares prior to an IPO.
  3. Like
    Xrphunter got a reaction from GiddyUp in Quidax to use Ripple’s XRapid Product to Revolutionise Remittance and Payments   
    Chief Executive Officer of Quidax, Buchi Okoro stated that cryptocurrencies like Ripple (XRP) can be used to increase liquidity for remittance businesses while reducing the cost per transaction to customers.......
    https://bitcoinafrica.io/2018/10/29/quidax-to-use-ripples-xrapid-product-to-revolutionise-remittance-and-payments/
  4. Thanks
  5. Haha
  6. Thanks
    Xrphunter reacted to karlos in New blog post by JoelKatz - What are blockchains good for?   
    https://www.distributedagreement.com/2019/03/01/what-are-blockchains-good-for/
    Discusses what blockchain can be used for, and the main advantages/disadvantages.
    (Apologies if this is a duplicate post, but I didn't see it anywhere else.)
  7. Thanks
    Xrphunter reacted to Dutchpinoy in Why is Ripple getting into video games?!!   
    I'm afraid you're ill-informed about xpring's construction and intended purpose. Ripple is laserfocused on their usecase, and will continue to be so. One of the marvelous benefits of the warchest they have, however, is being able to incentivize and nurture any initiative that aims to propel themselves using the xrpl, ilp and codus. They're indirectly turning corners into alot of neighbourhoods, not because they have to, but because they can.
  8. Haha
    Xrphunter reacted to ErikNL in A Big Bet on Blockchain and Gaming: Ripple and Forte Announce $100 Million Fund   
    XBOX, XPRING. Same same but different. 
  9. Thanks
    Xrphunter reacted to TokenBaby in Trust Wallet Adds XRP Support   
    "We are happy to announce that we are releasing support for XRP. A lot of you have been asking for this addition and going to back to our promise of adding the top 20 cryptocurrencies, it was only a matter of time until we completed the Top 3 cryptocurrencies by market cap with newly integrated XRP."
    https://trustwallet.com/blog/trust-wallet-adds-xrp-support
  10. Like
    Xrphunter got a reaction from HereIAm23 in Hi! I'm Bob   
    Welcome ! 
     
  11. Thanks
    Xrphunter reacted to Hodor in The Global Economy Needs Instant Value Transfer   
    Blog URL:  https://xrpcommunity.blog/the-global-economy-needs-instant-value-transfer/
     
    The global economy wants - 𝙖𝙣𝙙 𝙣𝙚𝙚𝙙𝙨 - real-time payments! I cover this & the latest news impacting XRP in today's blog:
    𝐆𝐞𝐧𝐞𝐫𝐚𝐥 𝐂𝐫𝐲𝐩𝐭𝐨 𝐍𝐞𝐰𝐬: Readers should strongly consider supporting Christine Lagarde, the current Managing Director of the IMF, as she champions serious debate of digital assets.
    𝐑𝐢𝐩𝐩𝐥𝐞 𝐍𝐞𝐰𝐬: Ripple donates one million dollars to Tipping Point, a local San Francisco non-profit; And the first ILP Summit is announced.   
    𝐂𝐨𝐢𝐥 𝐍𝐞𝐰𝐬: Ben Sharafian peppers social media with some recent innovative Coil-related code snippets for developers to use.
    𝐗𝐑𝐏 𝐍𝐞𝐰𝐬:  A new version of XRP Validator software is formally announced after the end of the voting period; the XRP Community Fund announces a bounty for a WooCommerce plugin; A member of the Good Souls Group (XRP Charities) announces a fund-raising campaign & t-shirt raffle for Children on the Edge; Fidelity announces a soft rollout of their new institutional custody and crypto exchange platform; SBI re-targets this July for roll-out of their real-time trading on SBI VC; HuobiGlobal announces support for XRP in its OTC platform; and QB.com, a Hong Kong - based crypto exchange, announces support for XRP;
    I hope you enjoy the read: Please feel free to share my blog with a friend or share it on any other platform - and thanks for doing so! 
    My blog announcement links on other platforms:
    Twitter Reddit r/Ripple Reddit r/CryptoCurrency Reddit r/CryptoMarkets Reddit r/xrp Reddit r/RippleTalk Reddit r/alternativecoin Bitcointalk - alt coin sub forum Bitcointalk - XRP speculation thread
  12. Like
    Xrphunter got a reaction from Kpuff in Hi! I'm Bob   
    Welcome ! 
     
  13. Like
    Xrphunter got a reaction from Hodor in Hi! I'm Bob   
    Welcome ! 
     
  14. Thanks
    Xrphunter reacted to BobWay in Hi! I'm Bob   
    Hello all. Just wanted to introduce myself. I'm Bob Way, formerly of Ripple. Thank you in advance for allowing me to join your forum.
    Back in the early days of crypto I was pretty active in the Bitcointalk and Ripple communities (under the username "Red"). In fact my community participation was what directly led to me going to work for Chris and the gang at OpenCoin. I made a lot of good friend in the forums five years back. I'm hoping to make some new ones now.
    Bob
  15. Thanks
    Xrphunter got a reaction from Sebastian in Latest Updates Bring New Architecture to Trezor One and XRP Support to Model T.   
    Trezor Model T, firmware update 2.1.0
    The main news for Model T is definitely the coin listings. One of the biggest and best-known projects — Ripple — is now available in the Trezor Wallet interface, and you can store, send, and receive Ripple by using nothing but the Wallet. Ripple is currently available only in the Beta Wallet.
    https://blog.trezor.io/latest-updates-bring-new-architecture-to-trezor-one-and-ripple-support-to-model-t-3873ed3693c1?gi=d19cc9ab2bee
  16. Thanks
    Xrphunter got a reaction from panmores in Latest Updates Bring New Architecture to Trezor One and XRP Support to Model T.   
    Trezor Model T, firmware update 2.1.0
    The main news for Model T is definitely the coin listings. One of the biggest and best-known projects — Ripple — is now available in the Trezor Wallet interface, and you can store, send, and receive Ripple by using nothing but the Wallet. Ripple is currently available only in the Beta Wallet.
    https://blog.trezor.io/latest-updates-bring-new-architecture-to-trezor-one-and-ripple-support-to-model-t-3873ed3693c1?gi=d19cc9ab2bee
  17. Like
    Xrphunter got a reaction from Hodor in Latest Updates Bring New Architecture to Trezor One and XRP Support to Model T.   
    Trezor Model T, firmware update 2.1.0
    The main news for Model T is definitely the coin listings. One of the biggest and best-known projects — Ripple — is now available in the Trezor Wallet interface, and you can store, send, and receive Ripple by using nothing but the Wallet. Ripple is currently available only in the Beta Wallet.
    https://blog.trezor.io/latest-updates-bring-new-architecture-to-trezor-one-and-ripple-support-to-model-t-3873ed3693c1?gi=d19cc9ab2bee
  18. Like
    Xrphunter got a reaction from Wesa182 in Latest Updates Bring New Architecture to Trezor One and XRP Support to Model T.   
    Trezor Model T, firmware update 2.1.0
    The main news for Model T is definitely the coin listings. One of the biggest and best-known projects — Ripple — is now available in the Trezor Wallet interface, and you can store, send, and receive Ripple by using nothing but the Wallet. Ripple is currently available only in the Beta Wallet.
    https://blog.trezor.io/latest-updates-bring-new-architecture-to-trezor-one-and-ripple-support-to-model-t-3873ed3693c1?gi=d19cc9ab2bee
  19. Thanks
    Xrphunter reacted to Warbler in Bithomp   
    Bithomp tools 0.4.0 released. XRP escrow creation and execution. https://www.youtube.com/watch?v=CJdEiZNLxuk … You can also create a time escrow with offline signing with your mnemonic (hard wallet). Think twice before locking your #XRP, only time can unlock it
    hope you'll enjoy it.
    Now explorer also will show escrows, which held on the account (in the block balances)
    we also improved the transaction view for escrow types.

  20. Thanks
    Xrphunter reacted to Warbler in Bithomp   
    A little bit of Ripple data on Index page of Bithomp.
    In case if someone interested
    shows: XRP distribution + counts: validators and active nodes (updates every 5 seconds.)

    https://bithomp.com
  21. Thanks
    Xrphunter reacted to Duke67 in XRPtoolkit   
    It seems there still is a need for solution to keep your XRPs safe, while still having them available for occasional and sometimes even for more active use.
    Ripple technology is in many aspects ahead of Bitcoin and other cryptos. I find offline transaction signing one its best features. In today’s world, when no computer can be considered safe anymore, offline signing allows you to keep all sensitive information offline and thus secure and safe.
    I have prepared a set of tools that follows and leverages Ripple’s Reliable Transaction Submission. It will allow you to monitor Ripple network, ledgers, your accounts and balances. The offline part will also enable you to securely create new accounts, prepare and securely sign payments and submit such offline-generated payments to XRP ledger. For transferring offline generated data to an online device it uses QR codes and this makes active XRP use quick and quite convenient.
    Unfortunately, this package is not entirely suitable for beginners. It aims more at mid-experienced to advanced users. 
    Also, I wanted to keep those scripts simple and plain and allow anyone to see, understand and inspect its source. This is why some results/error processing is just very subtle.

    More information, how-to, installation, syntax, examples, download: https://github.com/Duke67/xrptoolkit-nodejs

    Download:
    Node.js scripts (offline): https://github.com/duke67/xrptoolkit-nodejs  Android app (online): https://play.google.com/store/apps/details?id=com.duke67.XRPtk   
    The Android application is only available for download from Google Play store and it’s not yet open source (I may make it available later on). Even if not currently available for code review, this architecture can really give you a peace-of-mind because the real magic of this solution is that the online device only sees either public, or signed+encrypted information. 
    iOS app – unfortunately not available now, who wants to develop it? Also, feel free to improve or enhance the toolkit or contact me with any idea you may have.
    Cheers!
     
  22. Thanks
    Xrphunter reacted to devnullprod in Wipple 0.13.1 Released!   
    Come one, come all, hear the announcement of Wipple 0.13.1!!!
    For those who don't know Wipple is a ledger monitor and analyzer, aimed at providing users with simple tools to retrieve deep ledger insights as well as perform useful functions on the network.
    This release brings many new features and improvements including streamlined navigation, extended tools which to highlight and filter transactions, a widget to view a timeline of account transactions (expiremental), as well as much needed backend hardening and testing. The reporting UI has been expanded to support viewing of higher order timeframes and we've gone through the application and improved the mobile experience, so all sections are accessible via smartphone / tablet interface.
    Be sure to checkout our newly launched blog for the complete details and don't wander far away, we've got many more features planned for the next release which is just around the corner!
     
    Happy rippling!




  23. Thanks
    Xrphunter reacted to nikb in Could this be Ripple's bug?   
    I believe this to be a bug. It should NOT be allowed and the C++ team at Ripple will be creating a PR that proposes an amendment to prevent this from happening in the future.  
  24. Like
    Xrphunter reacted to Archbob in NASDAQ RUMOURED BE LISTING RIPPLE(XRP) INDEX   
    Not really a rumor, its basically been confirmed.
  25. Like
    Xrphunter reacted to VanGogh in NASDAQ RUMOURED BE LISTING RIPPLE(XRP) INDEX   
    There are trillions of dollars in retirement accounts on indices like the Nasdaq. Eventually hedge funds, etc. will be able to invest some of those retirement funds in XRP en-masse. 
×
×
  • Create New...