Jump to content

a few user reported their gatehub wallet been hacked and XRP sent to r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k

yxxyun

By yxxyun,
in General Discussion

 Share Followers 24

Recommended Posts

smoothy

smoothy 711

Posted
Posted (edited)

So if I get it right, this is a summary of what happened:

- The funds were stolen from ripple accounts (not hosted wallets) that had been imported into, or created on, gatehub

- To move the funds out, no logins happened to the users gatehub accounts

 

So to me there are only 2 possible explanations:

- the secret keys were somehow hosted by gatehub and someone got access to those secret keys.

- when someone asked to show their secret key on the gatehub site, the secret key somehow got intercepted.

 

Damn, I feel for you guys, I really do.

 

 

Edited by smoothy
Link to post
Share on other sites
  • Replies 1.2k
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

Silkjaer

On June 1 we were made aware of a theft of 201,000 XRP (transaction F6E9E1385E11649A6C2F88723A821AF209B54030886539DCEF9DDD00E6446948) and immediately started investigation. It turned out that the acco

Silkjaer

Reminder: There is no direct evidence pointing to Gatehub being responsible even though it may appear as the most likely scenario right now. Just be careful about jumping to conclusions What you c

GateHub

Hey all! We are aware of the matter and are looking into it. If anyone has any information please contact us at: security@gatehub.net   GateHub

Posted Images

jlripple

jlripple 92

Posted
Posted
5 minutes ago, 2ndtimearound said:

Having read through this sad thread....two possibilities come to my mind:-

Possibility 1: incompetence on the part of gatehub.com

  • only incompetence would make it possible that someone COULD somehow access 2FA private keys to bypass 2FA; that would mean the keys were not encrypted, or encrypted weakly and easy to crack, or that gatehub.com could allow an insider to access accounts through interal admin systems

Possibility 2: inside job and gatehub.com are hiding it

  • less likely for me, but possible - an exit scam

I don't see any other possibilities (but open to suggestions).  phishing? How do you phish a 2FA secret key? That's not something you would phish without SOMEONE noticing. 

So how did the "hacker" get past 2FA?

Exit scam maybe unlikely cos Chris and Greg are shareholders? Why would they do that 

Link to post
Share on other sites
BAX

BAX 514

Posted
Posted
3 minutes ago, 2ndtimearound said:

Having read through this sad thread....two possibilities come to my mind:-

Possibility 1: incompetence on the part of gatehub.com

  • only incompetence would make it possible that someone COULD somehow access 2FA private keys to bypass 2FA; that would mean the keys were not encrypted, or encrypted weakly and easy to crack, or that gatehub.com could allow an insider to access accounts through interal admin systems

Possibility 2: inside job and gatehub.com are hiding it

  • less likely for me, but possible - an exit scam

I don't see any other possibilities (but open to suggestions).  phishing? How do you phish a 2FA secret key? That's not something you would phish without SOMEONE noticing. 

Either way, how on earth are the people who got robbed responisble in any way for this? They claim it's cold storage - so ...

how did the "hacker" get past 2FA?

Its gatehub.net :)

And the thefts didn't need to bypass 2FA because most likely they got the secret keys somehow.

All the victims never got emails that someone is logging from different IP.

If all the victims here are imported wallets from RippleTrade, the problem might be coming from RippleTrade not Gatehub!!!

Could guys share if your stolen wallets were imported from RippleTrade?

Link to post
Share on other sites
iLeeT

iLeeT 2,538

Posted
Posted
6 minutes ago, 2ndtimearound said:

How do you phish a 2FA secret key? That's not something you would phish without SOMEONE noticing. 

It happened before with Gatehub btw (there are some threads here as well) - but I doubt this is the case this time. Previously it was people that search for Gatehub through Google (e.g. if they are at work and the url isn't stored when typing) - the first search hit was a Google ad that was saying it's Gatehub (but the link actually was pointing to Getahub which was exact copy of Gatehub and as soon as you type in your 2fa code they use it to log in to the original site)

Link to post
Share on other sites
Hero_Member

Hero_Member 120

Posted
Posted (edited)
6 minutes ago, BAX said:

Its gatehub.net :)

And the thefts didn't need to bypass 2FA because most likely they got the secret keys somehow.

All the victims never got emails that someone is logging from different IP.

If all the victims here are imported wallets from RippleTrade, the problem might be coming from RippleTrade not Gatehub!!!

Could guys share if your stolen wallets were imported from RippleTrade?

A lot of wallets were imported, but I believe not all (account created in 2017) Mostly the imported wallets have bigger amounts of XRP..

Edited by Hero_Member
Link to post
Share on other sites
2ndtimearound

2ndtimearound 6,965

Posted
Posted
10 minutes ago, jlripple said:

Exit scam maybe unlikely cos Chris and Greg are shareholders? Why would they do that 

Yes it's unlikely but kept as a possibility.  Having said that, how can it be that gatehub.net are saying "you got hacked, sorry for your loss" before an investigation has taken place? Have they no responsibilities here?

Link to post
Share on other sites
2ndtimearound

2ndtimearound 6,965

Posted
Posted
8 minutes ago, iLeeT said:

It happened before with Gatehub btw (there are some threads here as well) - but I doubt this is the case this time. Previously it was people that search for Gatehub through Google (e.g. if they are at work and the url isn't stored when typing) - the first search hit was a Google ad that was saying it's Gatehub (but the link actually was pointing to Getahub which was exact copy of Gatehub and as soon as you type in your 2fa code they use it to log in to the original site)

Ah I see - they grab the code within the 30 second window and login?

Link to post
Share on other sites
jlripple

jlripple 92

Posted
Posted
3 minutes ago, 2ndtimearound said:

Yes it's unlikely but kept as a possibility.  Having said that, how can it be that gatehub.net are saying "you got hacked, sorry for your loss" before an investigation has taken place? Have they no responsibilities here?

Then basically we're screwed 2x

Once for migrating to gatehub another exit scam 

Link to post
Share on other sites
Borry

Borry 56

Posted
Posted (edited)

One thing is noteworthy about GH. Under "show secret key" you can simply see / get the ripple secret key. So, yes its stored somewhere (encrypted I hope?) But its definitely going via GHs website. Maybe the hackers found a way to retrieve this information. Anyway, this should be changed or at least removed (or only sent to the confirmed mail address).

Edited by Borry
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Followers 24
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept