Jump to content

a few user reported their gatehub wallet been hacked and XRP sent to r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k

Recommended Posts

  • Replies 1.2k
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Popular Posts

On June 1 we were made aware of a theft of 201,000 XRP (transaction F6E9E1385E11649A6C2F88723A821AF209B54030886539DCEF9DDD00E6446948) and immediately started investigation. It turned out that the acco

Reminder: There is no direct evidence pointing to Gatehub being responsible even though it may appear as the most likely scenario right now. Just be careful about jumping to conclusions What you c

Hey all! We are aware of the matter and are looking into it. If anyone has any information please contact us at: security@gatehub.net   GateHub

Posted Images

7 hours ago, Borry said:

One thing is noteworthy about GH. Under "show secret key" you can simply see / get the ripple secret key. So, yes its stored somewhere (encrypted I hope?) But its definitely going via GHs website. Maybe the hackers found a way to retrieve this information. Anyway, this should be changed or at least removed (or only sent to the confirmed mail address).

Where can I find "show secret key" ? I can't find it in any section (Home, Wallet, Trade... Settings).

Link to post
Share on other sites
3 minutes ago, AlessandroPiccione said:

Moving the XRP (4k) from an old Ripple wallet in GateHub, temporary/permanently to an exchange like Bitstamp/YooBit/HitBtc or Ploniex is a good move? 

Don't keep any DA on any exchange. Get a Ledger Nano S or similar. 

Link to post
Share on other sites
10 minutes ago, AlessandroPiccione said:

Moving the XRP (4k) from an old Ripple wallet in GateHub, temporary/permanently to an exchange like Bitstamp/YooBit/HitBtc or Ploniex is a good move? 

If you do not trade, there is no need to keep it on an exchange. Create a new wallet on bithomp for example (and keep your secret safe!), and transfer the XRP there. Or get a Ledger...

Link to post
Share on other sites
9 hours ago, JA8 said:

I suggest setting up a relevant sub forum / club here and inviting all of those affected to join. Are there any lawyers on this forum?

There's one or two including me but it's premature to bring in lawyers.

What really needs to happen first is a proper triage: identify the threat, contain it, minimise exposure/loss and then do a root-cause and start thinking about legal/contractual remedies. In roughly that order. From what I'm reading here and on Reddit, we're still at step 1.

Link to post
Share on other sites
6 hours ago, at3n said:

This has not been proven, in theory the attackers only need the encrypted keys.

Something that no-one has mentioned yet, is the possibility of an API exploit. If the Gatehub API had a vulnerability that leaked encrypted keys to an attacker, that would be sufficient to allow a brute-force attack over time. That would be a totally different type of attack to a database breach.

API exploit, GateHub API ? Do you mean PUBLIC web API ?  I opened a ticket probably 1 year ago asking for API ... they don't have it. Right?
(Ripple data API is not GateHub API)

Edited by AlessandroPiccione
Link to post
Share on other sites

Forget about 2FA. Your secret key is merely encrypted and saved in one of gatehub’s database servers.

The only way to decrypt it is through the use of your password, with some unknown algorithm. This is why you can view your secret key just by inputting your password on the site.

Someone probably managed to retrieve all of gatehub’s database encrypted secret keys,  and then brute forced the heck of them offline.

The secret key just needs to start with an ‘s’ and have a fixed number of characters.

It was an inside job I guess... only way to know the decryption algorithm! I remember there were some tech guys leaving gatehub a year ago....

That’s why this is happening with old accounts only. As I said, someone probably left the company a while ago and took all the encrypted secret keys with him.

This person has probably been bruteforcing the decryption of these keys offline for quite some time now.

It’s just a two stepper really:

1- Bruteforce all the encrypted secret keys offline, with a powerfull processing machine;

2- Save all the decrypted secret keys starting with a ‘s’ and having a fixed number of characters;

3- Translate this list of secret keys to the corresponding public addresses;

4- Check their balances;

5- Steal everything you can;

Hopefully the hacker has no access to recent encrypted keys in gatehub’s database servers, since he’s left the company already... but others do!

That’s why I highly advise you to take your xrp off there and put it in cold storage.


Edited by pvap
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.