
A few users reported their GateHub wallets being hacked and XRP sent to r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k


yxxyun


36 minutes ago, raulnavarro said:

TX FAILED:

5BE7416406DE83B2D46724542678A2A1244B587AE16AA5107B6F7D6A54532A50

(...)

0E2BDEDFB9E02BD117C6CE95F44174D6961D8174966A33971B86AA0059150EC7

Those transactions tried to move the last 40 XRP out of the wallet, which is not possible. It seems like first the hackers found out (moved out everything but 20 XRP in the last tx of the list, saw the transaction fail, then moved out a smaller amount, then the leftovers).

Then you tried yesterday (the first tx number, this tx went through GateHub)?

Edited by mrenne
cleaning up

2 hours ago, pvap said:

It amazes me how anyone can access the decryption algorithm that Gatehub is using just by looking at the source code of the browser during the "show secret key" request. Enej revealed this back in 2016, when explaining how a user could retrieve his own secret key identity from the site. The browser does all the decryption work! And this is probably how the hacker learned the algorithm.

The strength of an encryption algorithm is not based on keeping its code secret. The best algorithms are well known, and as such, if there are flaws they will be quickly discovered and fixed.

The strength of the algorithm itself and the strength of the key (password) are the important factors; the only thing that should need to be kept secret is the key.


7 hours ago, Silkjaer said:

Will you share your wallet address? We might not have picked this one up. Also, inviting you to the victim “club”.

I am an old timer not sure if I am comfortable sending my wallet address but here are the destination tags where all my XRP went to in order.

Sent to rnprvYRjWGvpDLF1iSwqwepJscuMVQ1oEM- 680.0000 XRP 13 hours ago

 Failed transaction 13 hours ago

 Sent to rHvWywQiexNeCLWTa9dBjHTMAtt6tPN7Z1- XX,000.0000 XRP 2 days ago

 Sent to rMcqiWXMJEAEMXaFFgnjeuASwAMmef8B8c- XX,000.0000 XRP 2 days ago

 


10 minutes ago, JohnnyC said:

I am an old timer not sure if I am comfortable sending my wallet address but here are the destination tags where all my XRP went to in order.

Sent to rnprvYRjWGvpDLF1iSwqwepJscuMVQ1oEM- 680.0000 XRP 13 hours ago

 Failed transaction 13 hours ago

 Sent to rHvWywQiexNeCLWTa9dBjHTMAtt6tPN7Z1- XX,000.0000 XRP 2 days ago

 Sent to rMcqiWXMJEAEMXaFFgnjeuASwAMmef8B8c- XX,000.0000 XRP 2 days ago

 

There is almost nothing left in the wallet, sadly, so there is little risk in sending your wallet address. You can make a new account if that makes you feel more comfortable. You can still move out the last 19 XRP.

Funds have already been transferred to exchanges Changenow and Kucoin.

I have noticed transfers of the hackers into Changenow are using 50+ different destination tags. Does anyone have experience with Changenow? They are aware of the hack and wait for a police order to act.


1 hour ago, Hero_Member said:

Oh boy... Here we go!

make sure your PC and internet connection are safe...

1. You need the secret from your old account. If you do not have that yet, log into gatehub and click on your wallet. Find "advanced" and click on it. Click on the button show secret key. Now you have it. Copy the secret key.

2. Start a browser in private mode and go to bithomp.com. Create a new ripple wallet first -> click on XRP Tools, then Generate XRP Wallet. Now click on Generate and you have a new keypair. Keep them very safe, as this will be your new secret later.

3. Go back to bithomp.com and choose Bithomp tools now. Read the legal stuff and proceed. Click on online and connect. Paper wallet is selected, that is the one we need. Enter your old secret key in the input field. Now you can choose some options. Choose settings at "choose transaction type" and then go to "choose a setting to modify". There you select "regular key" and you enter the new address (r..) from step 2. Click on "set" and it should be good. This actually is a transaction on the ledger, so you could see it on Gatehub/Bithomp etc.

4. Last step, disable master key. Choose again in the "choose a setting to modify" list and select "disable master key". Click on Set again and your account should be safe. All transactions can only be signed with the secret from step 2.

Please be careful, any mistake and your account cannot be accessed anymore...

Legal disclaimer: I am only trying to help, do this at your own risk!

@Warbler Do you agree with these steps??

 

Hi @Hero_Member I did all the steps but in Gatehub it still appears the old secret key... Is that ok?

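The key-rotation order from the steps quoted above (assign a regular key, then disable the master key), as an added example that is not part of the original posts and is not GateHub or Bithomp code: it verifies the base58 checksum of both addresses before building the two unsigned transactions, because a mistyped regular-key address followed by disabling the master key leaves the account inaccessible. The account IDs are constructed sample values and `plan_key_rotation` is a hypothetical helper name.

```python
import hashlib

# XRP Ledger base58 alphabet (differs from Bitcoin's).
ALPHABET = "rpshnaf39wBUDNEGHJKLM4PQRST7VWXYZ2bcdeCg65jkm8oFqi1tuvAxyz"
ASF_DISABLE_MASTER = 4  # AccountSet SetFlag value for asfDisableMaster

def _checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def encode_address(account_id: bytes) -> str:
    """Encode a 20-byte account ID as a classic r-address."""
    raw = b"\x00" + account_id
    raw += _checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = ALPHABET[rem] + out
    return ALPHABET[0] * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def is_valid_address(addr: str) -> bool:
    """True only if the alphabet, type prefix and checksum all match."""
    n = 0
    for ch in addr:
        idx = ALPHABET.find(ch)
        if idx < 0:
            return False
        n = n * 58 + idx
    pad = len(addr) - len(addr.lstrip(ALPHABET[0]))
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and raw[0] == 0 and _checksum(raw[:21]) == raw[21:]

def plan_key_rotation(account: str, new_regular_key: str) -> list:
    """Unsigned transactions in the safe order: regular key first, then
    disable the master key (the ledger refuses the second without the first)."""
    for label, addr in (("account", account), ("regular key", new_regular_key)):
        if not is_valid_address(addr):
            raise ValueError(f"{label} address fails validation: {addr!r}")
    if account == new_regular_key:
        raise ValueError("regular key must differ from the account address")
    return [
        {"TransactionType": "SetRegularKey", "Account": account,
         "RegularKey": new_regular_key},
        {"TransactionType": "AccountSet", "Account": account,
         "SetFlag": ASF_DISABLE_MASTER},
    ]

# Constructed sample account IDs, not real wallets.
OLD = encode_address(bytes(range(1, 21)))
NEW = encode_address(bytes(range(21, 41)))
```

Signing and submitting are left out on purpose; after the first transaction validates, confirm that a test transaction signed with the new key succeeds before sending the second.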

19 minutes ago, cjeremys2 said:

Gatehub released a statement on their website but my god these are exactly the same sentences that were dropped here on XRPChat..

https://gatehub.net/blog/gatehub-preliminary-statement/

Copy and Paste by Enej!? Wth.

@gatehub You guys need to release a proper statement not something that was already said the day before lol.

As stated in the blog post and on our social media, this is only a preliminary statement. Please know that we are working tirelessly to complete a thorough investigation and notify any customers whose accounts may have been affected. As soon as the investigation has been completed an official statement will be posted.

We appreciate your patience in this matter.


2 hours ago, LordVetinari said:

https://haveibeenpwned.com/

This is a site that reports if emails have appeared in data dumps. You can search for your email address and it will show if your email has ever appeared in a data dump. 

 

I know we have to trust someone, but sites like this can, in fact, add your e-mail, not yet in a data dump, to a very profitable database.


35 minutes ago, JohnnyC said:

I am an old timer not sure if I am comfortable sending my wallet address but here are the destination tags where all my XRP went to in order.

Sent to rnprvYRjWGvpDLF1iSwqwepJscuMVQ1oEM- 680.0000 XRP 13 hours ago

 Failed transaction 13 hours ago

 Sent to rHvWywQiexNeCLWTa9dBjHTMAtt6tPN7Z1- XX,000.0000 XRP 2 days ago

 Sent to rMcqiWXMJEAEMXaFFgnjeuASwAMmef8B8c- XX,000.0000 XRP 2 days ago

 

Thank you. It's on our radar then :)


44 minutes ago, cjeremys2 said:

Gatehub released a statement on their website but my god these are exactly the same sentences that were dropped here on XRPChat..

https://gatehub.net/blog/gatehub-preliminary-statement/

Copy and Paste by Enej!? Wth.

@gatehub You guys need to release a proper statement not something that was already said the day before lol.

I wanted to have some respect for at least making it public, but I am a bit sad that it is a clone of what was already provided to us here. Stating there's only "58" wallets affected was inaccurate almost immediately after it was posted to us here since we still had people stop in and mention that they were compromised as well. Sending an email to "all users that might be affected" isn't really enough if it isn't a guarantee that they are the only users that could be affected.

It's absolutely a tough time for everyone involved, but people need to know how dangerous this is. It sounds like it's been going for days and the issues are still rolling out. It sucks to suggest that people all move their funds off GateHub entirely in the meantime, but this is time sensitive and people's funds should be safeguarded in any way while it's an unknown how or what all is at risk. This is different than an exploit at an exchange because GateHub can't lock down all wallets until they figure things out; they also can't (or shouldn't be able to...) move all the funds to a safe wallet later either. This has to be done per-person and as soon as possible.


7 minutes ago, gatehub said:

As stated in the blog post and on our social media, this is only a preliminary statement. Please know that we are working tirelessly to complete a thorough investigation and notify any customers whose accounts may have been affected. As soon as the investigation has been completed an official statement will be posted.

We appreciate your patience in this matter.

You do realise that you're playing with the livelihood of every victim of this security breach?

I myself was looking to use my funds for tuition fee of my brother. 

The fact that your company hasn’t made any pledge to compensate the victims is what infuriates me and other victims.


13 minutes ago, Xrylite said:

I wanted to have some respect for at least making it public, but I am a bit sad that it is a clone of what was already provided to us here. Stating there's only "58" wallets affected was inaccurate almost immediately after it was posted to us here since we still had people stop in and mention that they were compromised as well. Sending an email to "all users that might be affected" isn't really enough if it isn't a guarantee that they are the only users that could be affected.

Thank you for your comment. We have already corrected the number of compromised wallets.  


19 minutes ago, FMGC said:

I know we have to trust someone, but sites like this can, in fact, add your e-mail, not yet in a data dump, to a very profitable database.

In this incident it doesn't matter, because the funds were drained out without the hacker gaining access to users' Gatehub UI, meaning totally no login whatsoever.
