
A few users reported their gatehub wallets had been hacked and XRP sent to r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k



So if I get it right, this is a summary of what happened:

- The funds were stolen from ripple accounts (not hosted wallets) that had been imported into, or created on, gatehub

- To move the funds out, no logins happened to the users' gatehub accounts

So to me there are only 2 possible explanations:

- the secret keys were somehow hosted by gatehub and someone got access to those secret keys.

- when someone asked to show their secret key on the gatehub site, the secret key somehow got intercepted.

Damn, I feel for you guys, I really do.

Edited by smoothy

Popular Posts

On June 1 we were made aware of a theft of 201,000 XRP (transaction F6E9E1385E11649A6C2F88723A821AF209B54030886539DCEF9DDD00E6446948) and immediately started investigation. It turned out that the acco

Reminder: There is no direct evidence pointing to Gatehub being responsible even though it may appear as the most likely scenario right now. Just be careful about jumping to conclusions What you c

Hey all! We are aware of the matter and are looking into it. If anyone has any information please contact us at: security@gatehub.net   GateHub


5 minutes ago, 2ndtimearound said:

Having read through this sad thread....two possibilities come to my mind:-

Possibility 1: incompetence on the part of gatehub.com

  • only incompetence would make it possible that someone COULD somehow access 2FA private keys to bypass 2FA; that would mean the keys were not encrypted, or encrypted weakly and easy to crack, or that gatehub.com could allow an insider to access accounts through internal admin systems

Possibility 2: inside job and gatehub.com are hiding it

  • less likely for me, but possible - an exit scam

I don't see any other possibilities (but open to suggestions).  phishing? How do you phish a 2FA secret key? That's not something you would phish without SOMEONE noticing. 

So how did the "hacker" get past 2FA?

Exit scam maybe unlikely cos Chris and Greg are shareholders? Why would they do that 

3 minutes ago, 2ndtimearound said:

Having read through this sad thread....two possibilities come to my mind:-

Possibility 1: incompetence on the part of gatehub.com

  • only incompetence would make it possible that someone COULD somehow access 2FA private keys to bypass 2FA; that would mean the keys were not encrypted, or encrypted weakly and easy to crack, or that gatehub.com could allow an insider to access accounts through internal admin systems

Possibility 2: inside job and gatehub.com are hiding it

  • less likely for me, but possible - an exit scam

I don't see any other possibilities (but open to suggestions).  phishing? How do you phish a 2FA secret key? That's not something you would phish without SOMEONE noticing. 

Either way, how on earth are the people who got robbed responsible in any way for this? They claim it's cold storage - so ...

how did the "hacker" get past 2FA?

It's gatehub.net :)

And the thefts didn't need to bypass 2FA because most likely they got the secret keys somehow.

All the victims never got emails that someone is logging from different IP.

If all the victims here are imported wallets from RippleTrade, the problem might be coming from RippleTrade not Gatehub!!!

Could you guys share if your stolen wallets were imported from RippleTrade?

6 minutes ago, 2ndtimearound said:

How do you phish a 2FA secret key? That's not something you would phish without SOMEONE noticing. 

It happened before with Gatehub btw (there are some threads here as well) - but I doubt this is the case this time. Previously it was people that search for Gatehub through Google (e.g. if they are at work and the url isn't stored when typing) - the first search hit was a Google ad that was saying it's Gatehub (but the link actually was pointing to Getahub which was exact copy of Gatehub and as soon as you type in your 2fa code they use it to log in to the original site)

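The lookalike-domain phishing described in the post above (a copy of the site served from a name a couple of characters away from "Gatehub") can be caught on the defender's side by comparing observed hostnames against the protected name. This is an added example, not part of the original thread and not GateHub's code; the `.example` hostnames, the `PROTECTED` table and the `MAX_DISTANCE` threshold are assumptions.

```python
# Added example: flag hostnames whose registrable label is a near miss of a
# protected brand label ("gatehub", the name discussed in this thread).
PROTECTED = {"gatehub": {"gatehub.net"}}  # brand label -> legitimate domains
MAX_DISTANCE = 2  # assumption: up to two edits counts as a lookalike


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insertion, deletion, substitution
    and swapping two adjacent characters each cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def classify(hostname: str) -> str:
    """Return 'legitimate', 'lookalike' or 'unrelated' for one hostname."""
    labels = hostname.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return "unrelated"
    # Assumption: the registrable domain is the last two labels (no public
    # suffix list), which holds for the constructed samples below.
    registrable, label = ".".join(labels[-2:]), labels[-2]
    if any(registrable in legit for legit in PROTECTED.values()):
        return "legitimate"
    if any(osa_distance(label, brand) <= MAX_DISTANCE for brand in PROTECTED):
        return "lookalike"
    return "unrelated"


# Constructed sample hostnames, e.g. as pulled from proxy or DNS logs.
SAMPLES = ["gatehub.net", "signin.gatehub.net", "getahub.example",
           "gatehub.example", "ripple.example"]

if __name__ == "__main__":
    for host in SAMPLES:
        print(f"{host:22} {classify(host)}")
```

The exact brand label on a domain outside the legitimate set (`gatehub.example`) is also reported as a lookalike, since distance 0 on the wrong registrable domain is the closest imitation possible.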
6 minutes ago, BAX said:

It's gatehub.net :)

And the thefts didn't need to bypass 2FA because most likely they got the secret keys somehow.

All the victims never got emails that someone is logging from different IP.

If all the victims here are imported wallets from RippleTrade, the problem might be coming from RippleTrade not Gatehub!!!

Could you guys share if your stolen wallets were imported from RippleTrade?

A lot of wallets were imported, but I believe not all (account created in 2017). Mostly the imported wallets have bigger amounts of XRP.

Edited by Hero_Member
10 minutes ago, jlripple said:

Exit scam maybe unlikely cos Chris and Greg are shareholders? Why would they do that 

Yes it's unlikely but kept as a possibility.  Having said that, how can it be that gatehub.net are saying "you got hacked, sorry for your loss" before an investigation has taken place? Have they no responsibilities here?

8 minutes ago, iLeeT said:

It happened before with Gatehub btw (there are some threads here as well) - but I doubt this is the case this time. Previously it was people that search for Gatehub through Google (e.g. if they are at work and the url isn't stored when typing) - the first search hit was a Google ad that was saying it's Gatehub (but the link actually was pointing to Getahub which was exact copy of Gatehub and as soon as you type in your 2fa code they use it to log in to the original site)

Ah I see - they grab the code within the 30 second window and login?

3 minutes ago, 2ndtimearound said:

Yes it's unlikely but kept as a possibility.  Having said that, how can it be that gatehub.net are saying "you got hacked, sorry for your loss" before an investigation has taken place? Have they no responsibilities here?

Then basically we're screwed 2x

Once for migrating to gatehub another exit scam 


One thing is noteworthy about GH. Under "show secret key" you can simply see / get the ripple secret key. So, yes, it's stored somewhere (encrypted I hope?) But it's definitely going via GH's website. Maybe the hackers found a way to retrieve this information. Anyway, this should be changed or at least removed (or only sent to the confirmed mail address).

Edited by Borry