Possible compromised GateHub account

[SeitoEXE]

On 04/12/2016 at 10:50 PM, TPM said:

@gatehub - Per your suggestion to make sure to optimize our passwords, I have attempted to access my account and my 2 Step Verification was denied. So, I then tried to reset the password. I received the automated email and link. Then, I entered my recovery code and password and nothing happened for 20 or 30 seconds. Then, I got a message that said there was a network error and to try later.

I have tried several times over the past hour and continue to get the same error message.

Are others having problems accessing Gatehub.net as well.....

Would appreciate any insights you might have.

 

I had the same issue, turned out the time + date on my phone wasn't in sync with my computer, hence the reason why my 2FA didn't work, I put it on automatic timezone and it worked again, might be worth checking out!

Edited December 6, 2016 by SeitoEXE

[SeitoEXE]

16 hours ago, TPM said:

Thank you for the suggestion.... @SeitoEXE

 

Did it work?! ?

[Guest Haydentiff]

29 minutes ago, SeitoEXE said:

Did it work?! ?

Haha. I was going to make this exact post. He just left us hanging, lol.

[Guest Haydentiff]

Thanks for reporting back, @TPM!

[rst]

Its was a Ripple Wallet.  I'll post the results of Gatehub's investigate.  Any help to get my money back is greatly appreciated.  This really happened and GateHub is not helping me get my money back. 

From GateHub  I think he is one of the owners.

Anzej Simicak (GateHub)

Nov 19, 20:16 CET

Please accept our sincere apologies for the delay in our responses.

We regret to inform you that due to irreversibility of the ripple transactions, we can not refund your losses.

However, our security team has finished the inspection of unauthorised transactions that you have reported. Please find the report in the attachment.

Feel free to hand over the report to the authorities, should you choose to report the incident.

 

Incident report

Incident description:

A GateHub client, Randall S, reported an unauthorized transaction that had occurred

on September 18, 2016.

Data:

- Time of incident: September 18, 2016 1:02 PM

- Victim Account Email: .com

- Victim Account unique ID: 6d24db17

- Victim Two-step authentication enabled: NO

Transaction details:

- Amount stolen: 158,855 XRP, market value cca. $1k

- Transaction hashes:

8AADC7ED2215C6FBF1FDE87CFC025AFB8B6728CB2AA9ADA98E4A485AC26424A9

(158,855.141181 XRP XRP)

- Victim's ripple address: rHdnnTVUs6KwE4zed4rBUPoGgQKiu7ywGC

- Alleged thief's ripple address: rQryGaS9YtxmLmg6gEVjtphQwjnAUryvSc

- Alleged thief's funds cashed out via: Poloniex

- Ripple client used by alleged thief for ripple transactions: rt1.1.32-bugfix-2-ge152297-dirty

GateHub access log data summary for date 2016-09-18:

Person 1:

- IP address: 98.126.88.91

- IP address location: Orange, California, United States

- IP address network: AS35908 Krypt Technologies

- Browser User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:48.0) Gecko/20100101

Firefox/48.0

Findings:

- GateHub has observed the same IP network (AS35908 Krypt Technologies) in at least two

other XRP thefts in September. The alleged thief's ripple client and cashout pattern is similar

across related incidents. The funds were cashed out via Poloniex.com account no. 8860109,

Poloniex.com account no. 922488709 and in this case, an unknown Poloniex account (no

account destination tag). Other IPs used by potentially the same person are 98.126.11.59 and

98.126.160.99.

- We recommend that the victim contacts Poloniex regarding account numbers 8860109 and

922488709 and Krypt technologies regarding the alleged thief's IP address.

References:

Unauthorised transaction:

https://charts.ripple.com/#/transactions/8AADC7ED2215C6FBF1FDE87CFC025AFB8B6728CB

2AA9ADA98E4A485AC26424A9

Thief's ripple address: https://bithomp.com/explorer/rQryGaS9YtxmLmg6gEVjtphQwjnAUryvSc

[T8493]

How does GateHub know the IP address (98.126.88.91) of alleged thief? Alleged thief used some special version of RippleTrade (rt1.1.32-bugfix-2-ge152297-dirty) and not GateHub.

EDIT: this is the correct link of the unauthorized transaction: 

https://charts.ripple.com/#/transactions/8AADC7ED2215C6FBF1FDE87CFC025AFB8B6728CB2AA9ADA98E4A485AC26424A9

Edited December 6, 2016 by T8493

[kanaas]

How does GateHub know the IP address (98.126.88.91) of alleged thief? Alleged thief used some special version of RippleTrade (rt1.1.32-bugfix-2-ge152297-dirty) and not GateHub.
EDIT: this is the correct link of the unauthorized transaction: 
https://charts.ripple.com/#/transactions/8AADC7ED2215C6FBF1FDE87CFC025AFB8B6728CB2AA9ADA98E4A485AC26424A9

Suppose the thief used gatehub client to read the secret first


Verzonden vanaf mijn iPhone met Tapatalk

[T8493]

3 minutes ago, kanaas said:

Suppose the thief used gatehub client to read the secret first

1

But why didn't GateHub block access from the IP address that didn't belong to the GateHub account holder?

 

[kanaas]

But why didn't GateHub block access from the IP address that didn't belong to the GateHub account holder?
 

That would be really inconvenient. When I'm on the road I sometimes use my 4g mobile to connect my computer ... Thats also another IP. After all they have 2FA...


Verzonden vanaf mijn iPhone met Tapatalk

[T8493]

Just now, kanaas said:

That would be really inconvenient. When I'm on the road I sometimes use my 4g mobile to connect my computer ... Thats also another IP. After all they have 2FA...

2

They've already implemented this....

[cmbartley]

ALWAYS enable 2FA. Contact Poloniex and send them the incident report. 

[caro]

1 hour ago, kanaas said:

That would be really inconvenient. When I'm on the road I sometimes use my 4g mobile to connect my computer ... Thats also another IP. After all they have 2FA...

 

 

GateHub sends you an email when you sign on from a new IP address, so that you can verify it's really you. Works great. 

 

[rst]

Thank you all for the feedback.  Hows is 2FA even an option.  Knowing that hackers are always trying to steal money, shouldn't 2FA be forced on all the accounts?  I had 2FA when it was Ripple, not sure when the migrated the account it switched off.  My account wasn't the only one , there were several others during the same time.  They say 2FA was on.

GateHub says on their website that your money is 100% safe and backed.  Bullshit.  They can steal money and nothing will happen to them according to their policy.

Why would Poloniex do anything?    ty

 

[caro]

33 minutes ago, rst said:

 Knowing that hackers are always trying to steal money, shouldn't 2FA be forced on all the accounts?  I had 2FA when it was Ripple, not sure when the migrated the account it switched off.  My account wasn't the only one , there were several others during the same time.  They say 2FA was on.

 

People have the right to make their own choices, regarding 2FA and other issues. If they don't want to have 2FA, for whatever reason, and they are willing to assume the extra risk, that should be their choice.

Besides, if what you say it's true, and some Gatehub users had their money stolen despite having 2FA, that makes the whole issue moot, doesn't it?

 

[tomb]

Just get 2 factor.

If you get a new phone download the app, log into gatehub with your old phone and turn 2 factor off. Then two seconds later turn it back on, scan the qr code with your new phone and you are in business.