at3n

  1. No need to be personally vindictive and threatening against individuals who are most likely doing their best in an awful situation, and who have, over the years, had a large part to play in positively contributing to the XRP ecosystem. The real bad people here are the hackers; they deserve any abuse, threats and punishment that hopefully finds them one day.
  2. It basically means that there was too much of a delay in the transaction being created, and it being successfully submitted to the network and validated. This has previously happened around times of high XRP Ledger volume, when Gatehub servers were presumably being overloaded with high numbers of transactions. Perhaps Gatehub has reduced its server capacity in some regard as part of the investigation currently going on. If you're desperate to send a transaction, take your secret key to another wallet and send from there.
  3. Can you please confirm whether it was a hosted wallet or a "Ripple" wallet? Hosted wallets are those where Gatehub pools your XRP with other users' XRP and assigns you a destination tag. I don't think there have been other reports of hosted wallets being compromised? It doesn't seem like the attacker gained access to account credentials, just encrypted secret keys.
  4. Absolutely, it's gut-wrenching to imagine what it's like to be on the receiving end of this. From some past experiences I can identify with the feelings associated with sudden, desperate financial loss, it's absolutely awful. But to all who are suffering those feelings: time does fix it. Hold on, there's still plenty of chance that there will be a positive resolution to this. Even if eventually it doesn't work out that way, the mental strain will fade over time. The mental bit is the hardest to deal with.
  5. Technically, yes, but that would be a massive precedent to set, very bad for decentralisation and trust in the ledger. Ideally, validators on the UNL would be comprised of groups with such differing ideologies that they could never agree on anything other than the technical truths relating to transactions. Then they will never collude to alter the "natural" state of the ledger to suit their own ends (even if that end is to stop a known thief). That's the underlying strength of XRPL, to my understanding. If you have colluding validators controlling transactions, the value of the network would drop hugely.
  6. The strength of an encryption algorithm is not based on keeping its code secret. The best algorithms are well known, and as such, if there are flaws they will be quickly discovered and fixed. The strength of the algorithm itself and the strength of the key (password) are the important factors; the only thing that should need to be kept secret is the key.
  7. Question @Pablo: Does the fact that Gatehub's wallet service is free change anything regarding their liability? No-one paid anything to Gatehub for them to store their keys. Money is made entirely through the gateway service, which is not mandatory to use.
  8. The Gatehub application (the web interface) calls the API as you're using it, to retrieve data relating to the user that's logged in, and their wallets. You can verify using developer tools in a browser, e.g. https://api.gatehub.net/ilp/balances/<address>. I'm not aware that it's intended to be used by customers, like e.g. the Binance API. It's likely just for Gatehub's own applications.
  9. This has not been proven; in theory the attackers only need the encrypted keys. Something that no-one has mentioned yet is the possibility of an API exploit. If the Gatehub API had a vulnerability that leaked encrypted keys to an attacker, that would be sufficient to allow a brute-force attack over time. That would be a totally different type of attack to a database breach.
  10. The encrypted secret is sent to the browser and the browser decrypts it, that's been my understanding. Transactions are signed in the same way. That's why you need to enter your password a second time in order to see the secret key or send a transaction, because Gatehub doesn't know the password. The decrypted key should not make its way back to Gatehub, although it could be visible to malware on the client's PC. Edit: Sure as hell wouldn't want my secret key sent in an email!
  11. Can't imagine that would be worth trying to steal the IOUs, Gatehub could freeze them on the hackers' wallets, and no way to redeem them without identifying yourself. You'd need to trade them for XRP before you were frozen, and there's not that much liquidity available for trading.
  12. Yes, despite Gatehub's dismissive emails so far, there's no way that it will stop there, this is getting too big. They've even said that they're investigating, which means that more will come out. Don't give up hope.