yxxyun

A few users reported their gatehub wallets being hacked and XRP sent to r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k


Posted (edited)

Having read through this sad thread....two possibilities come to my mind:-

Possibility 1: incompetence on the part of gatehub.net

  • only incompetence would make it possible that someone COULD somehow access 2FA private keys to bypass 2FA; that would mean the keys were not encrypted, or encrypted weakly and easy to crack, or that gatehub.com could allow an insider to access accounts through internal admin systems

Possibility 2: inside job and gatehub.net are hiding it

  • less likely for me, but possible - an exit scam

I don't see any other possibilities (but open to suggestions).  phishing? How do you phish a 2FA secret key? That's not something you would phish without SOMEONE noticing. 

Either way, how on earth are the people who got robbed responsible in any way for this? They claim it's cold storage - so ...

how did the "hacker" get past 2FA?

Not by logging in the conventional way, that's for sure.

Therefore, I would suggest the victims of this crime get together and pool together money for legal advice against gatehub (IMO). 

Edited by 2ndtimearound
gatehub.com corrected to gatehub.net

Posted (edited)

So if I get it right, this is a summary of what happened:

- The funds were stolen from ripple accounts (not hosted wallets) that had been imported into, or created on, gatehub

- To move the funds out, no logins happened to the users' gatehub accounts

 

So to me there are only 2 possible explanations:

- the secret keys were somehow hosted by gatehub and someone got access to those secret keys.

- when someone asked to show their secret key on the gatehub site, the secret key somehow got intercepted.

 

Damn, I feel for you guys, I really do.

 

 

Edited by smoothy

5 minutes ago, 2ndtimearound said:

Having read through this sad thread....two possibilities come to my mind:-

Possibility 1: incompetence on the part of gatehub.com

  • only incompetence would make it possible that someone COULD somehow access 2FA private keys to bypass 2FA; that would mean the keys were not encrypted, or encrypted weakly and easy to crack, or that gatehub.com could allow an insider to access accounts through internal admin systems

Possibility 2: inside job and gatehub.com are hiding it

  • less likely for me, but possible - an exit scam

I don't see any other possibilities (but open to suggestions).  phishing? How do you phish a 2FA secret key? That's not something you would phish without SOMEONE noticing. 

So how did the "hacker" get past 2FA?

Exit scam maybe unlikely cos Chris and Greg are shareholders? Why would they do that 

3 minutes ago, 2ndtimearound said:

Having read through this sad thread....two possibilities come to my mind:-

Possibility 1: incompetence on the part of gatehub.com

  • only incompetence would make it possible that someone COULD somehow access 2FA private keys to bypass 2FA; that would mean the keys were not encrypted, or encrypted weakly and easy to crack, or that gatehub.com could allow an insider to access accounts through internal admin systems

Possibility 2: inside job and gatehub.com are hiding it

  • less likely for me, but possible - an exit scam

I don't see any other possibilities (but open to suggestions).  phishing? How do you phish a 2FA secret key? That's not something you would phish without SOMEONE noticing. 

Either way, how on earth are the people who got robbed responsible in any way for this? They claim it's cold storage - so ...

how did the "hacker" get past 2FA?

It's gatehub.net :)

And the thefts didn't need to bypass 2FA because most likely they got the secret keys somehow.

All the victims never got emails that someone is logging in from a different IP.

If all the victims here are imported wallets from RippleTrade, the problem might be coming from RippleTrade not Gatehub!!!

Could you guys share if your stolen wallets were imported from RippleTrade?

6 minutes ago, 2ndtimearound said:

How do you phish a 2FA secret key? That's not something you would phish without SOMEONE noticing. 

It happened before with Gatehub btw (there are some threads here as well) - but I doubt this is the case this time. Previously it was people that search for Gatehub through Google (e.g. if they are at work and the url isn't stored when typing) - the first search hit was a Google ad that was saying it's Gatehub (but the link actually was pointing to Getahub which was exact copy of Gatehub and as soon as you type in your 2fa code they use it to log in to the original site)

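The lookalike-site phishing described in the post above (a "Getahub" copy of Gatehub reached through a search ad) is something a defender can screen for in ad landing URLs, proxy logs or new-domain feeds. The following is an added example, not part of any post in this thread; the distance threshold, the function names and the sample hostnames under `.example` are assumptions.

```python
# Added example: flag hostnames that imitate a protected site name.
# Threshold, sample hostnames and function names are assumptions.
PROTECTED = {"gatehub.net"}   # legitimate site named in the thread
MAX_DISTANCE = 2              # assumed; "gatehub" -> "getahub" is 2 edits


def edit_distance(a, b):
    """Edits (insert, delete, substitute, adjacent swap) to turn a into b."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)   # adjacent letters swapped
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]


def classify(hostname):
    """Return 'legit', 'lookalike' or 'unrelated' for one hostname."""
    host = hostname.strip().lower().rstrip(".")
    if any(host == good or host.endswith("." + good) for good in PROTECTED):
        return "legit"
    brands = {good.split(".")[0] for good in PROTECTED}
    for label in host.split("."):
        # Any label close to the brand counts, so the real name used as a
        # subdomain of someone else's domain is caught as well.
        if any(edit_distance(label, b) <= MAX_DISTANCE for b in brands):
            return "lookalike"
    return "unrelated"


def lookalikes(hostnames):
    """Return only the hostnames classified as lookalikes, in input order."""
    return [h for h in hostnames if classify(h) == "lookalike"]


# Constructed sample input (not observed data).
SAMPLE = ["gatehub.net", "www.gatehub.net", "getahub.example",
          "gatehbu.example", "gatehub.net.signin.example", "weather.example"]

if __name__ == "__main__":
    for h in SAMPLE:
        print(f"{h:30} {classify(h)}")
```

A threshold of 2 on a seven-letter name is loose and will also match some unrelated short names, so hits need review against an allowlist before anything is blocked.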
Posted (edited)
6 minutes ago, BAX said:

It's gatehub.net :)

And the thefts didn't need to bypass 2FA because most likely they got the secret keys somehow.

All the victims never got emails that someone is logging in from a different IP.

If all the victims here are imported wallets from RippleTrade, the problem might be coming from RippleTrade not Gatehub!!!

Could you guys share if your stolen wallets were imported from RippleTrade?

A lot of wallets were imported, but I believe not all (account created in 2017). Mostly the imported wallets have bigger amounts of XRP.

Edited by Hero_Member

10 minutes ago, jlripple said:

Exit scam maybe unlikely cos Chris and Greg are shareholders? Why would they do that 

Yes it's unlikely but kept as a possibility.  Having said that, how can it be that gatehub.net are saying "you got hacked, sorry for your loss" before an investigation has taken place? Have they no responsibilities here?

8 minutes ago, iLeeT said:

It happened before with Gatehub btw (there are some threads here as well) - but I doubt this is the case this time. Previously it was people that search for Gatehub through Google (e.g. if they are at work and the url isn't stored when typing) - the first search hit was a Google ad that was saying it's Gatehub (but the link actually was pointing to Getahub which was exact copy of Gatehub and as soon as you type in your 2fa code they use it to log in to the original site)

Ah I see - they grab the code within the 30 second window and login?

Just now, 2ndtimearound said:

Ah I see - they grab the code within the 30 second window and login?

Yup, they get your email, pw credentials, then as soon as you type in your 2fa code they use that to login.

3 minutes ago, 2ndtimearound said:

Yes it's unlikely but kept as a possibility.  Having said that, how can it be that gatehub.net are saying "you got hacked, sorry for your loss" before an investigation has taken place? Have they no responsibilities here?

Then basically we're screwed 2x

Once for migrating to gatehub another exit scam 

Posted (edited)

Do we know if they stole other assets besides XRP? I see that Gatehub also have BTC, BCH, ETH, ETC, REP and Dash.

The other assets are worth a total of $17 mil at today's prices.

https://gatehub.net/stats

Edited by BAX

2 minutes ago, BAX said:

Do we know if they stole other assets besides XRP? I see that Gatehub also have BTC, BCH, ETH, ETC, REP and Dash.

Mine only xrp eth untouched but cos my eth is small

