
A few users reported their GateHub wallets have been hacked and XRP sent to r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k


5 minutes ago, Selective said:


Adding to your amazing work 

Two things:

1 - Second transaction to the hacker's address was an Incoming transaction from Chloe Hunt (https://twitter.com/saidchloe)

2 - The hacker is moving out all the XRP and one of the addresses is https://xrpscan.com/account/rGSWKo2oiJnJiPEoHvDZTK2XG7RtE62Cbh

Which was activated by Dave Dean

So yes, probably Chloe and Dave got hacked. The hackers activated accounts with the stolen XRP.


Popular Posts

On June 1 we were made aware of a theft of 201,000 XRP (transaction F6E9E1385E11649A6C2F88723A821AF209B54030886539DCEF9DDD00E6446948) and immediately started investigation. It turned out that the acco

Reminder: There is no direct evidence pointing to Gatehub being responsible even though it may appear as the most likely scenario right now. Just be careful about jumping to conclusions What you c

Hey all! We are aware of the matter and are looking into it. If anyone has any information please contact us at: security@gatehub.net   GateHub


1 hour ago, gatehub said:

At the moment we estimate that approximately 5858 XRP Ledger wallets were compromised. So far it looks like all the victims had their XRP Ledger wallets hosted on GateHub, but we cannot yet rule out that some wallets were not.

Is it 58 or 5858? XRPforensics estimated 50-60 so I hope this is a typo?
58 minutes ago, Xrylite said:

A lot of respect for you and everyone else involved with researching this. I don't know much of the backstory, but my impression here is it's something you all are doing out of a courtesy and you weren't hired to do this sort of research. Regardless of if that's true, that's amazing that there are people working behind the scenes to essentially help people on the Internet.

Thank you! The team really appreciate your comment!

57 minutes ago, Maeglin444 said:

12 mil XRP have already been laundered and cashed out at exchanges. How does that even work? Can't it still be traced to the exchange, and then the exchange should have KYC in place?

Absolutely. Some of the destinations are exchange services though, where funds are directly exchanged for another currency. It makes the job more difficult, but I am sure LEAs will have a lot of leads to go from.

@Silkjaer, thanks for the work you guys are doing. I am one of the affected users and lost a fair amount of XRP. I am also included in the picture you posted in your previous post.

What would be the procedure in this case? Talking in a more specific way, do I need to stop thinking about it or will there be a way to get the XRP back? I assume @gatehub should reply to this though.

Thanks again for the work and effort that you guys are putting into it.
13 minutes ago, Geekluca said:

What would be the procedure in this case? Talking in a more specific way, do I need to stop thinking about it or will there be a way to get the XRP back? I assume @gatehub should reply to this though.

Unfortunately we cannot answer the question of getting the XRP back.

However, we do again urge all victims to make a law enforcement complaint. Remember, the more complaints there are, the greater the possibility of a coordinated effort by multiple agencies to track down the perpetrators.

On behalf of xrpforensics.


@alloyxrp I am taking care of the law enforcement tomorrow.

But in principle, they stole my “goods” from someone who promised to take care of my “goods” and that promised to be 100% safe.

I don’t wanna put the blame on anyone, of course, but the situation here is pretty clear. If you claim to take care of something, you should take care of it. If you don’t, it’s your fault.
3 hours ago, Drew said:

Nice, my 2fa isn't working to check my account - I got the email also.

Luckily minimum amounts in GH accounts - but still hundreds of $ at least :-(

Logged in, I'm golden. No problems with fraudulent transactions.

Long time lurker here but decided to finally create an account.

First of all I feel terrible for all the people who lost their XRP. I hope the person who did this can be found and all the zerps can be reimbursed to their rightful owners.

@Silkjaer & @alloyxrp keep up the good work with xrpforensics. As an active LEO I find the things you guys do very, very interesting. I believe blockchain is the future and we can't know enough about how to 'read' patterns and track stolen funds. Also wondering what kind of software you guys use to create the awesome visual graphs.


This happened to me in July 2017, they stole 300K from me. It was an account pre-created by them (GateHub Ripple wallet). I mentioned it in this forum back then, nobody believed... I asked for Enej's help to unlock my wallet back then directly, and suddenly he answered back that it is unlocked with a balance of 30 XRP... It's a fraud, they stole my XRP, they haven't returned my XRP... they should be in jail... that's for sure
3 hours ago, gatehub said:

Dear valued community members,


Recently, we have been notified by our customers and community members about funds on their XRP Ledger wallets being stolen and immediately started monitoring network activity and conducted an extensive internal investigation.

Although we have not identified any action or omission by GateHub that may have facilitated or allowed this apparent theft to occur, we apologize deeply to all of our customers for this issue and pledge to get to the bottom of it.

We already sent out an email to all users that might be affected as a result of suspicious API calls with instructions on how to protect their funds.

If you received an email from us, please read it carefully and act accordingly.

If you have not received an email from us, then we have no reason to believe your account was compromised.

While the investigation is still underway and we cannot post any official conclusions just yet, here are a couple of findings so far.

API requests to the victims' accounts were all authorized with a valid access token. There were no suspicious logins detected, nor were there any signs of brute forcing.

We have however detected an increased amount of API calls (with valid access tokens) coming from a small number of IP addresses which might be how the perpetrator gained access to encrypted secret keys.

That, however, still doesn’t explain how the perpetrator was able to gain other required information needed to decrypt the secret keys.

All access tokens were disabled on June 1st after which the suspicious API calls were stopped.

At the moment we estimate that 58 XRP Ledger wallets were compromised. So far it looks like all the victims had their XRP Ledger wallets hosted on GateHub, but we cannot yet rule out that some wallets were not.

To conclude the investigation as soon as possible, we are working closely with a professional IT forensics team to determine whether our system was compromised or not.

Appropriate Law Enforcement Agencies were also notified about these thefts, and we will work diligently with them to help track the perpetrator who did this.

We will post an official statement after the internal investigation has been completed.

Last but not least, we would like to thank the community for offering continuous help.

If you have any information that might help us or law enforcement agencies, please contact us via security@gatehub.net.


Enej Pungercar

Founder and CEO, GateHub

It feels bad when I'm one of the victims that got my XRP stolen, yet this reply from the CEO doesn't fill me with relief whatsoever, as nothing in this sea of sentences offers any help about getting my XRP back.

Also this API Hacking is very similar to what Binance had on the 2nd week of May yet it's just only now that @Gatehub reacted to plugging those holes at the cost of 58+ (including me) or so victims losing all their life savings.

Definitely not recommending the GateHub wallet anymore after these shenanigans.
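The pattern described in the GateHub statement quoted above (valid access tokens, no suspicious logins, many calls from a small number of IP addresses) is one that login-failure alerting does not see. The following is an added example, not code from GateHub or from any poster in this thread: it flags source IPs whose valid-token requests span unusually many distinct accounts. The log format, endpoint names and threshold are assumptions, and the log lines are constructed.

```python
from collections import defaultdict

# Constructed sample API access log (not GateHub data). Fields: timestamp,
# source IP (documentation ranges), account id, hypothetical endpoint, token check.
SAMPLE_LOG = """\
2019-05-31T22:01:07Z 203.0.113.7 acct-1001 /wallet/key token=valid
2019-05-31T22:01:09Z 203.0.113.7 acct-1002 /wallet/key token=valid
2019-05-31T22:01:12Z 203.0.113.7 acct-1003 /wallet/key token=valid
2019-05-31T22:01:15Z 203.0.113.7 acct-1004 /wallet/key token=valid
2019-05-31T22:01:18Z 203.0.113.7 acct-1005 /wallet/key token=valid
2019-05-31T22:03:40Z 198.51.100.20 acct-2001 /balance token=valid
2019-05-31T22:04:02Z 198.51.100.20 acct-2001 /wallet/key token=valid
2019-05-31T22:05:30Z 198.51.100.21 acct-2002 /balance token=valid
2019-05-31T22:06:11Z 198.51.100.21 acct-2003 /balance token=valid
2019-05-31T22:07:00Z 192.0.2.9 acct-1001 /balance token=invalid
2019-05-31T22:07:01Z 192.0.2.9 acct-1002 /balance token=invalid
2019-05-31T22:07:02Z 192.0.2.9 acct-1003 /balance token=invalid
2019-05-31T22:07:03Z 192.0.2.9 acct-1004 /balance token=invalid
"""

def parse_line(line):
    """Split one log line into a record; return None for malformed lines."""
    parts = line.split()
    if len(parts) != 5 or not parts[4].startswith("token="):
        return None
    ts, ip, account, endpoint, token = parts
    return {"ts": ts, "ip": ip, "account": account,
            "endpoint": endpoint, "token_valid": token == "token=valid"}

def flag_token_fanout(log_text, max_accounts_per_ip=3):
    """Return {ip: [accounts]} for IPs whose *valid-token* requests touch
    more than max_accounts_per_ip distinct accounts. Rejected tokens are
    ignored on purpose: they are what brute-force alerting already covers."""
    accounts_by_ip = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["token_valid"]:
            accounts_by_ip[rec["ip"]].add(rec["account"])
    return {ip: sorted(accts) for ip, accts in accounts_by_ip.items()
            if len(accts) > max_accounts_per_ip}

def affected_accounts(flagged):
    """Accounts to notify and whose tokens to revoke, from the flagged IPs."""
    return sorted({a for accts in flagged.values() for a in accts})

if __name__ == "__main__":
    hits = flag_token_fanout(SAMPLE_LOG)
    print(hits, affected_accounts(hits))
```

The threshold has to be tuned against normal traffic, since shared networks legitimately carry a few accounts per IP.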

39 minutes ago, Harrryquartz said:

It's a London based company so have contacted the Serious Fraud Office or the Met to register it as a crime. Since it looks like several million has been stolen they will want to be talking to the company. Though would be surprised if Gatehub was not already in contact and if not suspect they will be having to ask a number of searching questions. Anyone who is a victim should contact the police or serious fraud office. Maybe Gatehub might start taking this seriously. 

In any investigation of this nature, yes surely the custodian of the asset will be a suspect - either as an entire entity (unlikely, but can't be ruled out), and/or individuals within the company (more likely IMO). I think the appropriate response to anyone getting an "unfortunately the transactions are irreversible so we can't refund you" email...is anger and letting gatehub know that the irreversibility of blockchain doesn't mean the custodian of their wallets isn't somehow less liable for losses. People have lost life savings here thinking they were safe. I don't know how gatehub can also say with certainty that other wallets are safe without a thorough investigation. Surely everyone should be getting an email asking them to update their 2FA since 2FA was bypassed and it's possible the 2FA secret keys were therefore compromised.
