Jump to content
Mercury

Gatehub hack and changes affecting us

Recommended Posts

38 minutes ago, Just_J said:

I'm a bit mixed on what is a good solution for holding XRP ....

With no official wallet (which I really hope will be addressed by Ripple at SWELL) - are you truly better off having the XRP offline than having it locked up in a more reputable exchange like Kraken, etc .... with 2 factor authentication and global account lock turned on?

 

 

Share this post


Link to post
Share on other sites
41 minutes ago, Just_J said:

I'm a bit mixed on what is a good solution for holding XRP ....

With no official wallet (which I really hope will be addressed by Ripple at SWELL) - are you truly better off having the XRP offline than having it locked up in a more reputable exchange like Kraken, etc .... with 2 factor authentication and global account lock turned on?

 

The problem with Kraken or any other exchange is that they change their policy on regional coverage as policy is released.  Additionally the inherent risk of IOU's scares the crap out of me.  If it's not on the ledger it's vapor imo.  You see it now but it can disappear with the wind.  One day we will have a crypto equivelent of FDIC, but for now I only keep a trading stack and dust on exchanges.

Share this post


Link to post
Share on other sites
1 hour ago, teddybear said:

Rippex on an offline PC.

My choice today. Offline PC (Mac) , inside a virtual machine on that, and the Rippex file is stored on a removable USB. I use an 18 character password with upper/lower case letters, numbers and special characters.

I feel pretty safe ...

Edited by Luschka

Share this post


Link to post
Share on other sites
Guest
3 minutes ago, Dennis said:

The problem with Kraken or any other exchange is that they change their policy on regional coverage as policy is released.  Additionally the inherent risk of IOU's scares the crap out of me.  If it's not on the ledger it's vapor imo.  You see it now but it can disappear with the wind.  One day we will have a crypto equivelent of FDIC, but for now I only keep a trading stack and dust on exchanges.

I completely agree.  The irony of course is this could easily be addressed by the cyrptocommunity.  Exchanges and wallet services could probably form something similar to SIPC which is the FDIC equivalent for companies like Fidelity, Vanguard, etc.  But unlike the FDIC, it is my understanding SIPC is entirely voluntary.  

Share this post


Link to post
Share on other sites
1 minute ago, Luschka said:

I feel pretty safe ...

Except that you have to trust that the random number generator in your virtual machine has access to some reliable source of entropy (it probably has, though, although - generally speaking - virtual machines that are e.g. cloned and are without network access can have some issues with this).

 

 

 

Share this post


Link to post
Share on other sites
Just now, T8493 said:

Except that you have to trust that the random number generator in your virtual machine has access to some reliable source of entropy (it probably has, though, although - generally speaking - virtual machines that are e.g. cloned and are without network access can have some issues with this).

 

 

 

And that's less safe than gatehub's version of "trust me"?

Share this post


Link to post
Share on other sites
1 minute ago, T8493 said:

Except that you have to trust that the random number generator in your virtual machine has access to some reliable source of entropy (it probably has, though, although - generally speaking - virtual machines that are e.g. cloned and are without network access can have some issues with this).

 

 

 

Agree. I believe in my case I'm good.

Im at least good enough to trust my setup rather than leaving them online at an exchange or online wallet. 

Share this post


Link to post
Share on other sites
6 minutes ago, T8493 said:

Well, it is not comparable.

It's not comparable. I was a bit black or white on this.

 

6 minutes ago, T8493 said:

You usually don't run gatehub in a virtual machine that is disconnected from the network, right?

No you don't. Correct.

 

I'll stick with my argument about the secret key though. Entering it anywhere with internet connection is fishy to me. Sorry I don't have a fancy way of saying this.

Share this post


Link to post
Share on other sites
6 minutes ago, Sebastian said:

I completely agree.  The irony of course is this could easily be addressed by the cyrptocommunity.  Exchanges and wallet services could probably form something similar to SIPC which is the FDIC equivalent for companies like Fidelity, Vanguard, etc.  But unlike the FDIC, it is my understanding SIPC is entirely voluntary.  

There was a voluntary group called the IRBA (International Ripple Business Association) that provided a soft audit of exchanges (verify they had a bank account, real people/ teams, proper support contact, proper fee structuring and reporting, etc ) but it was disbanded when it couldn't cover costs.

Some members here were either running or part of the IRBA, as are some of the older exchanges

Share this post


Link to post
Share on other sites
2 minutes ago, Mercury said:

There was a voluntary group called the IRBA (International Ripple Business Association) that provided a soft audit of exchanges (verify they had a bank account, real people/ teams, proper support contact, proper fee structuring and reporting, etc ) but it was disbanded when it couldn't cover costs.

Some members here were either running or part of the IRBA, as are some of the older exchanges

I doubt IRBA had any real power or insight. Gateways simply ignored their guidelines if I remember correctly.

 

Share this post


Link to post
Share on other sites

After Justcoin, Ripple had sent warnings to all gateways and made a page dedicated to partial payments warning on their site. Why, after three years, Gatehub has fallen the victim to this is beyond me. And frankly, the amount of issues related to Gatehub recently is quite disturbing, considering it is the exchange that was endorsed by Ripple. 

Share this post


Link to post
Share on other sites
46 minutes ago, T8493 said:

I doubt IRBA had any real power or insight. Gateways simply ignored their guidelines if I remember correctly.

IRBA was an eye, not an arm, but it was helpful.

Old good times when @celticwarrior72 used to call us to check if we had money in our accounts :)

 

Edited by RafOlP

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...