Jump to content

a few user reported their gatehub wallet been hacked and XRP sent to r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k

yxxyun

By yxxyun
in General Discussion

 Share

Recommended Posts

at3n

at3n

Posted
Posted
4 minutes ago, BAX said:

Do we know if they stole other assets beside XRP, I see that Gatehub have also BTC,BCH,ETH,ETC,REP and Dash?

The other assets are worth total $17 mil of today prices.

https://gatehub.net/stats

Can't imagine that would be worth trying to steal the IOUs, Gatehub could freeze them on the hackers' wallets, and no way to redeem them without identifying yourself. You'd need to trade them for XRP before you were frozen, and there's not that much liquidity available for trading.

Link to comment
Share on other sites
  • Replies 1.2k
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

Silkjaer
Silkjaer

On June 1 we were made aware of a theft of 201,000 XRP (transaction F6E9E1385E11649A6C2F88723A821AF209B54030886539DCEF9DDD00E6446948) and immediately started investigation. It turned out that the acco

GateHub
GateHub

Hey all! We are aware of the matter and are looking into it. If anyone has any information please contact us at: security@gatehub.net   GateHub

Silkjaer
Silkjaer

Reminder: There is no direct evidence pointing to Gatehub being responsible even though it may appear as the most likely scenario right now. Just be careful about jumping to conclusions What you c

at3n

at3n

Posted
Posted (edited)
8 minutes ago, Borry said:

One thing is noteworthy about GH. Under "show secret key" you can simply see / get the ripple secret key. So, yes its stored somewhere (encrypted I hope?) But its definitely going via GHs website. Maybe the hackers found a way to retrieve this information. Anyway, this should be changed or at least removed (or only sent to the confirmed mail address).

The encrypted secret is sent to the browser and the browser decrypts it, that's been my understanding. Transactions are signed in the same way. That's why you need to enter your password a second time in order to see the secret key or send a transaction, because Gatehub doesn't know the password. The decrypted key should not make its way back to Gatehub, although it could be visible to malware on the client's PC.

Edit: Sure as hell wouldn't want my secret key sent in an email!

Edited by at3n
Link to comment
Share on other sites
Munkibyte

Munkibyte

Posted
Posted

No, my wallet was not imported from anywhere else. I created the account on Gatehub a couple years ago, imported Bitcoin, traded for XRP, put in the Gatehub wallet, set up all the security, then have never went back in until I get the email from Gatehub saying I was hacked.

Link to comment
Share on other sites
Hero_Member

Hero_Member

Posted
Posted
7 minutes ago, Munkibyte said:

No, my wallet was not imported from anywhere else. I created the account on Gatehub a couple years ago, imported Bitcoin, traded for XRP, put in the Gatehub wallet, set up all the security, then have never went back in until I get the email from Gatehub saying I was hacked.

This pretty much rules out phising/malware, as you need to login to get the password..

Link to comment
Share on other sites
jlripple

jlripple

Posted
Posted
55 minutes ago, BAX said:

Its gatehub.net :)

And the thefts didn't need to bypass 2FA because most likely they got the secret keys somehow.

All the victims never got emails that someone is logging from different IP.

If all the victims here are imported wallets from RippleTrade, the problem might be coming from RippleTrade not Gatehub!!!

Could guys share if your stolen wallets were imported from RippleTrade?

My wallet was created with gatehub account it's a new wallet 

Link to comment
Share on other sites
ZeeperCreeper

ZeeperCreeper

Posted
Posted

This is effed up situation. It's really sad to see so many people loose their investments for scumbag thieves. I'd be completely gutted if someone stole the stack I've been adding to month after month from my hard earned paycheck. I sincerely hope those ******** will be caught and the funds returned to rightful owners, however unlikely it seems.

As all current evidence points to a weakness with gatehubs cybersecurity, I find their current response to the situation utterly dissatisfying. 

Link to comment
Share on other sites
jlripple

jlripple

Posted
Posted
49 minutes ago, 2ndtimearound said:

Yes it's unlikely but kept as a possibility.  Having said that, how can it be that gatehub.net are saying "you got hacked, sorry for your loss" before an investigation has taken place? Have they no responsibilities here?

Did they say that? I just got a mail from then informing about the security breach 

Link to comment
Share on other sites
smoothy

smoothy

Posted
Posted
2 minutes ago, jlripple said:

I noticed one thing though 

Funds moved by the hackers only consumed 

Fee0.000012 XRP

But if I were to do it from the gatehub ui it always cost Fee0.000015 XRP minimum. Coincidence? 

well, they did not use the gatehub ui. They somehow got hold of the secret keys of accounts migrated to, or created at gatehub. And with the secret key, you can use whatever wallet you want to transfer funds.

Link to comment
Share on other sites
2ndtimearound

2ndtimearound

Posted
Posted
19 minutes ago, ZeeperCreeper said:

As all current evidence points to a weakness with gatehubs cybersecurity, I find their current response to the situation utterly dissatisfying. 

Absolutely. From their hom page : "Safely stored in one of your trusted gateways. We make sure your money is always safe and 100% backed."

And when money is stolen through no fault of the customer whatsoever, they say "sorry for your loss".

 

Link to comment
Share on other sites
jlripple

jlripple

Posted
Posted
2 minutes ago, smoothy said:

well, they did not use the gatehub ui. They somehow got hold of the secret keys of accounts migrated to, or created at gatehub. And with the secret key, you can use whatever wallet you want to transfer funds.

Then the claim about gatehub not knowing our secret keys is not true then. This is scary ****. 

Link to comment
Share on other sites
2ndtimearound

2ndtimearound

Posted
Posted
25 minutes ago, jlripple said:

Did they say that? I just got a mail from then informing about the security breach 

To me this : "We must inform you that due to irreversibility of the XRP Ledger transactions, we unfortunately can't refund your losses."

...reads as "sorry for your loss, we wash our hands of the event, and merely let you know it happened". 

Link to comment
Share on other sites
jlripple

jlripple

Posted
Posted
4 minutes ago, 2ndtimearound said:

To me this : "We must inform you that due to irreversibility of the XRP Ledger transactions, we unfortunately can't refund your losses."

...reads as "sorry for your loss, we wash our hands of the event, and merely let you know it happened".

Painful lesson very painful 

Link to comment
Share on other sites
Hero_Member

Hero_Member

Posted
Posted
3 minutes ago, 2ndtimearound said:

To me this : "We must inform you that due to irreversibility of the XRP Ledger transactions, we unfortunately can't refund your losses."

...reads as "sorry for your loss, we wash our hands of the event, and merely let you know it happened". 

Well, that would be the case if you somehow got your pc infected, and someone got hold of your private key. In this case it looks like the Gatehub security was breached, so we will have to wait and see what happens...

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing
×
×
  • Create New...