yxxyun

A few users reported that their Gatehub wallets had been hacked and XRP sent to r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k


3 minutes ago, 2ndtimearound said:

To me this: "We must inform you that due to irreversibility of the XRP Ledger transactions, we unfortunately can't refund your losses."

...reads as "sorry for your loss, we wash our hands of the event, and merely let you know it happened". 

Well, that would be the case if you somehow got your pc infected, and someone got hold of your private key. In this case it looks like the Gatehub security was breached, so we will have to wait and see what happens...

3 minutes ago, Hero_Member said:

Well, that would be the case if you somehow got your pc infected, and someone got hold of your private key. In this case it looks like the Gatehub security was breached, so we will have to wait and see what happens...

  • this looks like an internal issue - such as a gatehub database being hacked and 2FA secret keys being leaked in some way (decrypted or were stored in plain text)...or simply an inside job
  • for it to be an "outside job" and done via malware/phishing, surely it would trigger "different IP login" notifications, and certainly there'd be a trail of IP addresses being tied to logins...doesn't seem to be the case here.

21 minutes ago, jlripple said:

Then the claim about gatehub not knowing our secret keys is not true then. This is scary ****. 

This has not been proven, in theory the attackers only need the encrypted keys.

6 minutes ago, 2ndtimearound said:
  • this looks like an internal issue - such as a gatehub database being hacked and 2FA secret keys being leaked in some way (decrypted or were stored in plain text)...or simply an inside job
  • for it to be an "outside job" and done via malware/phishing, surely it would trigger "different IP login" notifications, and certainly there'd be a trail of IP addresses being tied to logins...doesn't seem to be the case here.

Something that no-one has mentioned yet, is the possibility of an API exploit. If the Gatehub API had a vulnerability that leaked encrypted keys to an attacker, that would be sufficient to allow a brute-force attack over time. That would be a totally different type of attack to a database breach.


I had 25k taken and Gatehub are responsible for the security of access codes and should return or replace stolen funds...have emailed the CEO Enej Pungercar...enej@gatehub.net and demanded action. I feel this may be the work of an insider because of the need to get past email, passwords and 2FA...I have no info on my PC, use encrypted storage offline, run a VPN at all times and have never given anyone access to my info, yet Gatehub manage to let over 10 million XRP get transferred to the same wallet address...have mailed Ripple and will inform the EU Cyber Crime Unit...Gatehub need to step up or face the end of their platform as word spreads about their dire security practices...Also it's good to note that the email sent out to say that a security breach may have occurred only went to the accounts that were robbed, showing that Gatehub already knew about the thefts...

6 minutes ago, at3n said:

This has not been proven, in theory the attackers only need the encrypted keys.

Something that no-one has mentioned yet, is the possibility of an API exploit. If the Gatehub API had a vulnerability that leaked encrypted keys to an attacker, that would be sufficient to allow a brute-force attack over time. That would be a totally different type of attack to a database breach.

Wouldn't an API breach affect only people signed up to the API service (whatever that service may be)? I know the Binance hack affected traders who had trading bots set up through an API. But this "hack" (whatever it is, who knows) involved cold storage wallets held by people who hadn't logged in for months or even years - how does an API breach allow access to data of people who haven't signed up to any API service?

18 minutes ago, 2ndtimearound said:

Wouldn't an API breach affect only people signed up to the API service (whatever that service may be)? I know the Binance hack affected traders who had trading bots set up through an API. But this "hack" (whatever it is, who knows) involved cold storage wallets held by people who hadn't logged in for months or even years - how does an API breach allow access to data of people who haven't signed up to any API service?

The Gatehub application (the web interface) calls the API as you're using it, to retrieve data relating to the user that's logged in, and their wallets. You can verify using developer tools in a browser.

e.g. https://api.gatehub.net/ilp/balances/<address>

I'm not aware that it's intended to be used by customers, like e.g. the Binance API. It's likely just for Gatehub's own applications.

15 minutes ago, at3n said:

The Gatehub application (the web interface) calls the API as you're using it, to retrieve data relating to the user that's logged in, and their wallets. You can verify using developer tools in a browser.

e.g. https://api.gatehub.net/ilp/balances/<address>

I'm not aware that it's intended to be used by customers, like e.g. the Binance API. It's likely just for Gatehub's own applications.

Thanks for the clarification - yes, I understand you now about how that type of API usage could possibly be compromised in some way.


There is a thread regarding the hack on the Ripple subreddit. I think we should input our opinions and concerns over there too. I feel like Gatehub will try to sweep this under the rug unless there is some public outcry. Also, @Selective brought up a good point - we will eventually need to band together for a class A lawsuit if not compensated by them. Can anyone verify if the loss is over 5 million dollars?

On 6/2/2019 at 10:37 AM, yxxyun said:

A few users reported that their Gatehub wallets had been hacked and XRP sent to r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k

Over 10 million XRP sent to that address in 3 days

Second account: rJpKe5rbjgzzGJc1wm1xqKj6j4UjBQ6s48

Over 4 million XRP

Third account: rGSWKo2oiJnJiPEoHvDZTK2XG7RtE62Cbh

21 minutes ago, Hero_Member said:

It also would be good if @gatehub sends email to not-hacked users to move the XRP to another wallet (or add regular key and disable master), as long as they do not have a clear view of what has happened.

Or confirm that funds are no longer at risk..

After my friend told me about his loss and told me to check my GateHub, I removed all my assets. I'll be removing any mention of GateHub from my website.

I've assisted loads of people to get set up on GateHub to store their XRP. Taken me almost 24hrs to contact them all to remove their assets, if they're still in their wallets.

I hope this all gets sorted for all the ones that were stolen from.
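
The step Hero_Member suggests in the quote above (add a regular key, then disable the master key) maps to two XRP Ledger transactions. This is an added example, not part of any post in the thread: it works out which of the two an account still needs and in what order. The addresses are constructed placeholders, the function names are hypothetical, and the transactions are built unsigned and never submitted.

```python
"""Added example: plan the XRP Ledger key rotation quoted in the thread."""

# Values from the public XRP Ledger protocol documentation.
ASF_DISABLE_MASTER = 4           # AccountSet "SetFlag" value
LSF_DISABLE_MASTER = 0x00100000  # bit in the AccountRoot "Flags" field


def key_posture(account_root):
    """Classify which keys can currently sign for an AccountRoot object."""
    master_off = bool(account_root.get("Flags", 0) & LSF_DISABLE_MASTER)
    has_regular = bool(account_root.get("RegularKey"))
    if has_regular:
        return "regular-key-only" if master_off else "master+regular"
    return "master-disabled" if master_off else "master-only"


def rotation_plan(account_root, new_regular_key):
    """Return the unsigned transactions still needed, in submission order.

    SetRegularKey must be validated first: disabling the master key on an
    account with no other signing method fails with tecNO_ALTERNATIVE_KEY.
    The AccountSet that disables the master key must be signed by the
    master key itself.
    """
    account = account_root["Account"]
    plan = []
    if account_root.get("RegularKey") != new_regular_key:
        plan.append({"TransactionType": "SetRegularKey",
                     "Account": account,
                     "RegularKey": new_regular_key})
    if not account_root.get("Flags", 0) & LSF_DISABLE_MASTER:
        plan.append({"TransactionType": "AccountSet",
                     "Account": account,
                     "SetFlag": ASF_DISABLE_MASTER})
    return plan


# Constructed sample data: placeholder addresses, not real accounts.
SAMPLE_BEFORE = {"Account": "rEXAMPLEownerAccountPlaceholder", "Flags": 0}
NEW_KEY = "rEXAMPLEofflineRegularKeyPlaceholder"
SAMPLE_AFTER = dict(SAMPLE_BEFORE, RegularKey=NEW_KEY, Flags=LSF_DISABLE_MASTER)

if __name__ == "__main__":
    print(key_posture(SAMPLE_BEFORE), rotation_plan(SAMPLE_BEFORE, NEW_KEY))
    print(key_posture(SAMPLE_AFTER), rotation_plan(SAMPLE_AFTER, NEW_KEY))
```

The rotation only protects funds if the new regular key pair is generated somewhere the suspected breach could not have reached.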


Guys please, raise awareness through Reddit/Twitter and make sure all the known figures in the cryptocurrency community know about this. Other than that, I'm not in the EU or UK to file a police report as a start to go through the law case. My file is useless; whoever lives in Lebanon already knows that.

So I'm willing to add whatever it takes to recover my 170,000$ of losses.

12 minutes ago, Selective said:

So I'm willing to add whatever it takes to recover my 170,000$ of losses.

Sad. This must be a fortune in your country

1 hour ago, Selective said:

Guys please, raise awareness through Reddit/Twitter and make sure all the known figures in the cryptocurrency community know about this. Other than that, I'm not in the EU or UK to file a police report as a start to go through the law case. My file is useless; whoever lives in Lebanon already knows that.

So I'm willing to add whatever it takes to recover my 170,000$ of losses.

Sorry to hear that, matey; hopefully you will be reimbursed.
