
A few users reported their gatehub wallets being hacked and XRP sent to r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k


yxxyun


1 hour ago, jlripple said:

Well I suspect this hack might be due to one of the APIs being exploited. No other way to explain how the thieves can just grab users' XRP without even logging in!!!

So the thief had a list of random email addresses and potentially passwords. They used this list and the API to determine which email address is linked to which wallet address. If they had a hit they could then see if they could login to the email service and search for an email containing the key. Maybe a lot of people email their key to themselves for 'safekeeping'.


7 minutes ago, kachel said:

So the thief had a list of random email addresses and potentially passwords. They used this list and the API to determine which email address is linked to which wallet address. If they had a hit they could then see if they could login to the email service and search for an email containing the key. Maybe a lot of people email their key to themselves for 'safekeeping'.

I did not save the key electronically; I physically wrote it down on a note for my safekeeping. I saw a lot of other victims did the same. I don't think the hackers did it that way.


6 minutes ago, kachel said:

So the thief had a list of random email addresses and potentially passwords. They used this list and the API to determine which email address is linked to which wallet address. If they had a hit they could then see if they could login to the email service and search for an email containing the key. Maybe a lot of people email their key to themselves for 'safekeeping'.

Reading the statement by gatehub yesterday about them turning off the access API on the 1st June 2019 but accounts still being robbed of their XRPs, I believe the hackers somehow have access to the secret keys plus a way to decrypt them.


4 minutes ago, kachel said:

So the thief had a list of random email addresses and potentially passwords. They used this list and the API to determine which email address is linked to which wallet address. If they had a hit they could then see if they could login to the email service and search for an email containing the key. Maybe a lot of people email their key to themselves for 'safekeeping'.

Can we stop with the “maybe” and other assumptions, as it just makes the victims look like absolute idiots.

As Gatehub (CEO) stated, the API Token was compromised, hence whatever the hackers have accumulated in terms of keys before June 1 after they have disabled the access will be on the target list of the thieves.


19 minutes ago, cjeremys2 said:

Can we stop with the “maybe” and other assumptions, as it just makes the victims look like absolute idiots.

As Gatehub (CEO) stated, the API Token was compromised, hence whatever the hackers have accumulated in terms of keys before June 1 after they have disabled the access will be on the target list of the thieves.

Sorry about that, I was trying to be constructive but could have chosen my words more carefully. I had a theory which is probably not the case. Can you help me understand which API token? The thief has gained access to hashed / salted keys via this token?


35 minutes ago, jlripple said:

Reading the statement by gatehub yesterday about them turning off the access API on the 1st June 2019 but accounts still being robbed of their XRPs, I believe the hackers somehow have access to the secret keys plus a way to decrypt them.

So the hackers could continue decrypting them one by one and keep on stealing funds, not knowing if they've got all the addresses. Which would mean everyone should remove their XRP from gatehub and that specific wallet address and make a new one...

Would be nice if GH would give some more info and assure it's all safe now. On the other hand, advising all their customers to go away is suicide...


8 minutes ago, kachel said:

Sorry about that, I was trying to be constructive but could have chosen my words more carefully. I had a theory which is probably not the case. Can you help me understand which API token? The thief has gained access to hashed / salted keys via this token?

Apologies as well, as I just hate the fact that other people still put salt on an open wound even though we know that this is Gatehub's security flaws, since the number of victims is now up to "81" and still counting, yet others are still stating that it might be password or victims telling their peers about their secret key. I myself don't even know my secret key from 2 years ago when I created my account on Gatehub.

Also this API Access or API Call is part of Gatehub's infrastructure that allows customers to use an email address as a contact for sending funds. I'm not a hacker literate but it seems that they are able to interfere with this API Access in order to gain information to the victim's keys, but this doesn't answer the fact that some of the victims "have not logged in for years" yet hackers were still able to access their keys and stole their XRP.

I think we should all be asking the questions to @gatehub rather than play this assumption game about the victims password etc. especially when we have now at least 81+ victims and the fact that Gatehub is not giving updates on hourly or even daily basis makes me suspicious that they want to downplay this issue and let all the victims face their losses.


 

20 hours ago, gatehub said:

We have however detected an increased amount of API calls (with valid access tokens) coming from a small number of IP addresses which might be how the perpetrator gained access to encrypted secret keys.

That, however, still doesn’t explain how the perpetrator was able to gain other required information needed to decrypt the secret keys.

All access tokens were disabled on June 1st after which the suspicious API calls were stopped.

 

1 hour ago, Silkjaer said:

Latest thefts happened yesterday [June 4th, ed.]. They have cashed more out today.

 

1 hour ago, jlripple said:

Reading the statement by gatehub yesterday about them turning off the access API on the 1st June 2019 but accounts still being robbed of their XRPs, I believe the hackers somehow have access to the secret keys plus a way to decrypt them.

 

1+1= Gatehub should e-mail all users asap to have them move funds to hosted wallets, safe addresses or re-key them.

@gatehub @Silkjaer @alloyxrp @enej

 

Unless they know exactly which addresses were exposed and who to contact, but that doesn't seem so from the outside, as the number of victims already seems to outnumber their previous statement:

20 hours ago, gatehub said:

At the moment we estimate that 58 XRP Ledger wallets were compromised.

1 hour ago, Silkjaer said:

A small update from our research, we are now counting 80+ (most likely) victims.

 

 

Edited by zero-2-9
typo
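The GateHub statement quoted in the post above describes an increased number of API calls, made with valid access tokens, coming from a small number of IP addresses. As an added example (not GateHub's code and not written by any poster in this thread), this sketch shows how a defender could flag that pattern in API access logs; the log format, the threshold and the function names are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict

# Constructed sample lines, assumed format: timestamp source_ip token_id http_status
# (token_id stands for a logged identifier or hash of the token, never the token itself)
SAMPLE_LOG = """\
2019-05-30T10:00:01Z 198.51.100.7 tok_a1 200
2019-05-30T10:00:02Z 198.51.100.7 tok_a2 200
2019-05-30T10:00:03Z 198.51.100.7 tok_a3 200
2019-05-30T10:00:04Z 198.51.100.7 tok_a4 200
2019-05-30T10:00:05Z 198.51.100.7 tok_a5 200
2019-05-30T10:01:00Z 203.0.113.20 tok_u1 200
2019-05-30T10:02:00Z 203.0.113.20 tok_u1 200
2019-05-30T10:03:00Z 203.0.113.21 tok_u2 200
2019-05-30T10:04:00Z 203.0.113.21 tok_u3 200
2019-05-30T10:05:00Z 192.0.2.9 tok_x1 401
2019-05-30T10:05:01Z 192.0.2.9 tok_x2 401
2019-05-30T10:05:02Z 192.0.2.9 tok_x3 401
2019-05-30T10:05:03Z 192.0.2.9 tok_x4 401
this line is garbled and must be skipped
"""

def parse_line(line):
    """Return (ip, token_id, status) or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4 or not parts[3].isdigit():
        return None
    _timestamp, ip, token_id, status = parts
    return ip, token_id, int(status)

def flag_token_fanout(log_text, max_tokens_per_ip=3):
    """Map each source IP to its accepted tokens when it used more distinct
    valid tokens than one client plausibly holds (assumed threshold)."""
    tokens_by_ip = defaultdict(set)
    for line in log_text.splitlines():
        record = parse_line(line)
        if record is None:
            continue
        ip, token_id, status = record
        if status == 200:  # count only calls where the token was accepted
            tokens_by_ip[ip].add(token_id)
    return {ip: sorted(tokens) for ip, tokens in tokens_by_ip.items()
            if len(tokens) > max_tokens_per_ip}

if __name__ == "__main__":
    for ip, tokens in flag_token_fanout(SAMPLE_LOG).items():
        print(f"{ip}: {len(tokens)} distinct valid tokens -> {tokens}")
```

Rejected tokens (the 401 lines) are ignored on purpose: the pattern in the statement is many accepted tokens behind few addresses, which a failed-login counter would not surface.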

2 minutes ago, mrenne said:

Are there victims that have not been contacted by GateHub? 

The people who received the email from GateHub are the ones who already got hacked.  Honestly, GateHub should just email everyone at this point.  No reason to make more suffer. 


40 minutes ago, Personology said:

The people who received the email from GateHub are the ones who already got hacked.  Honestly, GateHub should just email everyone at this point.  No reason to make more suffer. 

I would just let Gatehub deal with it as this will be classed as "negligence" on their part to not inform the customers about security issues.

To be honest this was already the case for the Victims that got hacked on the 30-31st of May as apparently Gatehub was already aware before the following date that this attack was happening. Yet they have only sent an email on the 3rd of June about it for the customers that got hacked on the 30-31st of May.


To all those who have requested access to the private club, please bear with us. We will surely invite you in the coming hours, after going through the thread.

It is preferable if you DM either @Silkjaer or me, so that we can see the requests without missing any.
