yxxyun

A few users reported their GateHub wallets being hacked and XRP sent to r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k


16 minutes ago, Hero_Member said:

If you do not trade, there is no need to keep it on an exchange. Create a new wallet on bithomp for example (and keep your secret safe!), and transfer the XRP there. Or get a Ledger...

I trade.


@gatehub Any updates?

Have another friend who just got an email today about the breach - he logged in and saw 260,000 XRP transferred on 5/31 as well. This was also an old wallet.

 


We want to make it absolutely clear that:

  • hosted wallets have not been compromised
  • our cold storage has not been compromised 
  • only a limited number of users that we have sent emails to might have been compromised

We will keep you posted.

5 minutes ago, Pablo said:
10 hours ago, JA8 said:

I suggest setting up a relevant sub forum / club here and inviting all of those affected to join. Are there any lawyers on this forum?

There's one or two including me but it's premature to bring in lawyers.

You're absolutely right. There are so many factors still being looked into before anyone can point fingers and carry pitchforks. The more people stopping by and giving fresh insight is certainly helping figure out where the issues may have arisen from. Honestly, it's likely that the aggregate feedback of people here has helped isolate out some possibilities, making it easier for GateHub to figure out what's going on.

They can work on investigating if they see anything logged behind-the-scenes, but it helps having first-hand experience for them to not waste time looking into the wrong thing. Things like sharing that there were no "suspicious login" emails suggests that they probably don't need to assume it's just a password breach; or the statements that it seems that it's happening almost exclusively to high-value accounts suggests that they have access to a wallet list to find who to focus on for the highest yield.

Also, as a sidenote, lawyers aren't all going to be specialized and knowledgeable in every aspect of law. For example, if someone does family law exclusively, they're not going to have very much to suggest on this matter outside of some best practices. It's the same reason why people in the IT field are assumed to be specialists in both hardware and software xD.

6 minutes ago, gatehub said:

We want to make it absolutely clear that:

  • hosted wallets have not been compromised
  • our cold storage has not been compromised 
  • only a limited number of users that we have sent emails to might have been compromised

We will keep you posted.

So people who really don't know how to create a new wallet, or can't transfer the XRP somewhere else should probably log into Gatehub and transfer all funds to the hosted wallet..

23 minutes ago, AlessandroPiccione said:

API exploit, GateHub API ? Do you mean PUBLIC web API ?  I opened a ticket probably 1 year ago asking for API ... they don't have it. Right?
(Ripple data API is not GateHub API)

Called it.

See my previous post here: 

 


Gatehub states it seems that all the hacked accts seemed to have their Ledger accts also hosted on GH. Could the breach have something to do with the method of extracting secret of ledger acct? There's a few vids from different accts on how to do this. Maybe one is nefarious.

6 minutes ago, Silkjaer said:

On behalf of XRP Forensics
https://xrpforensics.org

(Public members: @alloyxrp, Bithomp, @Silkjaer)

A lot of respect for you and everyone else involved with researching this. I don't know much of the backstory, but my impression here is it's something you all are doing out of a courtesy and you weren't hired to do this sort of research. Regardless of if that's true, that's amazing that there are people working behind the scenes to essentially help people on the Internet.


I've just been browsing the Gatehub site for the first time and couldn't find the Terms of Use or Legal information on their home page? If anyone can find that for me, please post or DM me.

That would have been a red flag for me by the way and should for all of you roaming the crypto-sphere. I can't comment on Gatehub's reasons but in any other situation it's the type of thing done to cut corners/cost and is typical of an organisation not focused on good corporate governance or risk management.

Also, for all affected users, I suggest you:

  1. start looking up all representations and advertising presented at the time you opened your account on Gatehub (not those on the page today). Those representations and inducements will be critical should you need to make a claim down the track.
  2. find the terms of use emailed to you at the time you opened an account on Gatehub (assuming this even occurred).

27 minutes ago, Pablo said:

I've just been browsing the Gatehub site for the first time and couldn't find the Terms of Use or Legal information on their home page? If anyone can find that for me, please post or DM me.

That would have been a red flag for me by the way and should for all of you roaming the crypto-sphere. I can't comment on Gatehub's reasons but in any other situation it's the type of thing done to cut corners/cost and is typical of an organisation not focused on good corporate governance or risk management.

Also, for all affected users, I suggest you:

  1. start looking up all representations and advertising presented at the time you opened your account on Gatehub (not those on the page today). Those representations and inducements will be critical should you need to make a claim down the track.
  2. find the terms of use emailed to you at the time you opened an account on Gatehub (assuming this even occurred).

Grabbed them earlier today in case they changed/disappeared. Also, 1. and 2. above are critical. No further comment. 

https://cdn.discordapp.com/attachments/555840556383600666/585502172729573378/2019-06-04_-_Terms_of_Use_-_GateHub.pdf

https://gatehub.net/legal/terms

Edited by eromyr
Added Link to GH Site

46 minutes ago, gatehub said:

API requests to the victim’s accounts were all authorized with a valid access token. There were no suspicious logins detected, nor were there any signs of brute forcing.

We have however detected an increased amount of API calls (with valid access tokens) coming from a small number of IP addresses which might be how the perpetrator gained access to encrypted secret keys.

Which API call(s) specifically? When you say "authorized with a valid access token" do you mean "authorized with the user's valid access token whom the encrypted account information belongs to" or just "just a random user's valid access token" who then was able to access encrypted account information of other accounts?
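
The two readings this question separates can be told apart in API request logs. The following is an added example, not part of any post in this thread and not GateHub's code: it flags source addresses that present valid tokens for many different accounts, and addresses where the token's owner differs from the owner of the record being read. The log fields, endpoint names and threshold are assumptions, and the records are constructed.

```python
from collections import defaultdict

# Constructed sample records. The layout (source_ip, token_owner,
# resource_owner, endpoint) and the endpoint names are hypothetical,
# not GateHub's real log format or API.
def build_sample_log():
    log = []
    # Ordinary users: each reads only their own wallet from their own address.
    for n in range(1, 6):
        log += [(f"198.51.100.{n}", f"user{n}", f"user{n}", "/wallets")] * 4
    # Case A: one address presents valid tokens for many different accounts.
    for n in range(10, 30):
        log.append(("203.0.113.7", f"user{n}", f"user{n}", "/wallets/secret"))
    # Case B: one address uses a single valid token to read other users' records.
    for n in range(40, 46):
        log.append(("203.0.113.9", "user99", f"user{n}", "/wallets/secret"))
    return log

def summarize_by_ip(records):
    """Aggregate call count, distinct token owners and owner mismatches per IP."""
    stats = defaultdict(lambda: {"calls": 0, "token_owners": set(), "cross_owner": 0})
    for ip, token_owner, resource_owner, _endpoint in records:
        s = stats[ip]
        s["calls"] += 1
        s["token_owners"].add(token_owner)
        if token_owner != resource_owner:
            s["cross_owner"] += 1
    return stats

def flag_ips(records, max_token_owners=3):
    """Return {ip: [reasons]} for addresses matching either pattern.

    Neither pattern trips login or brute-force alerting, because every
    request in the sample carries a valid token.
    """
    findings = {}
    for ip, s in summarize_by_ip(records).items():
        reasons = []
        if len(s["token_owners"]) > max_token_owners:
            reasons.append("many_accounts_one_ip")
        if s["cross_owner"] > 0:
            reasons.append("token_owner_mismatch")
        if reasons:
            findings[ip] = reasons
    return findings

if __name__ == "__main__":
    for ip, reasons in sorted(flag_ips(build_sample_log()).items()):
        print(ip, ", ".join(reasons))
```
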
