Jump to content

a few user reported their gatehub wallet been hacked and XRP sent to r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k


Recommended Posts

4 minutes ago, BAX said:

Do we know if they stole other assets beside XRP, I see that Gatehub have also BTC,BCH,ETH,ETC,REP and Dash?

The other assets are worth total $17 mil of today prices.

https://gatehub.net/stats

Can't imagine that would be worth trying to steal the IOUs, Gatehub could freeze them on the hackers' wallets, and no way to redeem them without identifying yourself. You'd need to trade them for XRP before you were frozen, and there's not that much liquidity available for trading.

Link to post
Share on other sites
  • Replies 1.2k
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Popular Posts

On June 1 we were made aware of a theft of 201,000 XRP (transaction F6E9E1385E11649A6C2F88723A821AF209B54030886539DCEF9DDD00E6446948) and immediately started investigation. It turned out that the acco

Reminder: There is no direct evidence pointing to Gatehub being responsible even though it may appear as the most likely scenario right now. Just be careful about jumping to conclusions What you c

Hey all! We are aware of the matter and are looking into it. If anyone has any information please contact us at: security@gatehub.net   GateHub

Posted Images

8 minutes ago, Borry said:

One thing is noteworthy about GH. Under "show secret key" you can simply see / get the ripple secret key. So, yes its stored somewhere (encrypted I hope?) But its definitely going via GHs website. Maybe the hackers found a way to retrieve this information. Anyway, this should be changed or at least removed (or only sent to the confirmed mail address).

The encrypted secret is sent to the browser and the browser decrypts it, that's been my understanding. Transactions are signed in the same way. That's why you need to enter your password a second time in order to see the secret key or send a transaction, because Gatehub doesn't know the password. The decrypted key should not make its way back to Gatehub, although it could be visible to malware on the client's PC.

Edit: Sure as hell wouldn't want my secret key sent in an email!

Edited by at3n
Link to post
Share on other sites

No, my wallet was not imported from anywhere else. I created the account on Gatehub a couple years ago, imported Bitcoin, traded for XRP, put in the Gatehub wallet, set up all the security, then have never went back in until I get the email from Gatehub saying I was hacked.

Link to post
Share on other sites
7 minutes ago, Munkibyte said:

No, my wallet was not imported from anywhere else. I created the account on Gatehub a couple years ago, imported Bitcoin, traded for XRP, put in the Gatehub wallet, set up all the security, then have never went back in until I get the email from Gatehub saying I was hacked.

This pretty much rules out phising/malware, as you need to login to get the password..

Link to post
Share on other sites
55 minutes ago, BAX said:

Its gatehub.net :)

And the thefts didn't need to bypass 2FA because most likely they got the secret keys somehow.

All the victims never got emails that someone is logging from different IP.

If all the victims here are imported wallets from RippleTrade, the problem might be coming from RippleTrade not Gatehub!!!

Could guys share if your stolen wallets were imported from RippleTrade?

My wallet was created with gatehub account it's a new wallet 

Link to post
Share on other sites

This is effed up situation. It's really sad to see so many people loose their investments for scumbag thieves. I'd be completely gutted if someone stole the stack I've been adding to month after month from my hard earned paycheck. I sincerely hope those ******** will be caught and the funds returned to rightful owners, however unlikely it seems.

As all current evidence points to a weakness with gatehubs cybersecurity, I find their current response to the situation utterly dissatisfying. 

Link to post
Share on other sites
49 minutes ago, 2ndtimearound said:

Yes it's unlikely but kept as a possibility.  Having said that, how can it be that gatehub.net are saying "you got hacked, sorry for your loss" before an investigation has taken place? Have they no responsibilities here?

Did they say that? I just got a mail from then informing about the security breach 

Link to post
Share on other sites
2 minutes ago, jlripple said:

I noticed one thing though 

Funds moved by the hackers only consumed 

Fee0.000012 XRP

But if I were to do it from the gatehub ui it always cost Fee0.000015 XRP minimum. Coincidence? 

well, they did not use the gatehub ui. They somehow got hold of the secret keys of accounts migrated to, or created at gatehub. And with the secret key, you can use whatever wallet you want to transfer funds.

Link to post
Share on other sites
19 minutes ago, ZeeperCreeper said:

As all current evidence points to a weakness with gatehubs cybersecurity, I find their current response to the situation utterly dissatisfying. 

Absolutely. From their hom page : "Safely stored in one of your trusted gateways. We make sure your money is always safe and 100% backed."

And when money is stolen through no fault of the customer whatsoever, they say "sorry for your loss".

 

Link to post
Share on other sites
2 minutes ago, smoothy said:

well, they did not use the gatehub ui. They somehow got hold of the secret keys of accounts migrated to, or created at gatehub. And with the secret key, you can use whatever wallet you want to transfer funds.

Then the claim about gatehub not knowing our secret keys is not true then. This is scary ****. 

Link to post
Share on other sites
25 minutes ago, jlripple said:

Did they say that? I just got a mail from then informing about the security breach 

To me this : "We must inform you that due to irreversibility of the XRP Ledger transactions, we unfortunately can't refund your losses."

...reads as "sorry for your loss, we wash our hands of the event, and merely let you know it happened". 

Link to post
Share on other sites
4 minutes ago, 2ndtimearound said:

To me this : "We must inform you that due to irreversibility of the XRP Ledger transactions, we unfortunately can't refund your losses."

...reads as "sorry for your loss, we wash our hands of the event, and merely let you know it happened".

Painful lesson very painful 

Link to post
Share on other sites
3 minutes ago, 2ndtimearound said:

To me this : "We must inform you that due to irreversibility of the XRP Ledger transactions, we unfortunately can't refund your losses."

...reads as "sorry for your loss, we wash our hands of the event, and merely let you know it happened". 

Well, that would be the case if you somehow got your pc infected, and someone got hold of your private key. In this case it looks like the Gatehub security was breached, so we will have to wait and see what happens...

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.