Jump to content
yxxyun

a few user reported their gatehub wallet been hacked and XRP sent to r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k

Recommended Posts

24 minutes ago, hallwaymonitor said:

Indeed suspicious activity: At first the account receives lots of XRPs from multiple consumer-like accounts and after that it sends large amounts of XRPs to multiple exchanges and especially crypto swap services such as ChangeNOW, ALFAcashier, etc.

still crypto's no1 use case! hacking and money washing

:(

Share this post


Link to post
Share on other sites
8 hours ago, gatehub said:

Hey all! We are aware of the matter and are looking into it. If anyone has any information please contact us at: security@gatehub.net  

GateHub

Could you please give us more details when you have more info.

Thanks.

Share this post


Link to post
Share on other sites
13 hours ago, gatehub said:

Hey all! We are aware of the matter and are looking into it. If anyone has any information please contact us at: security@gatehub.net  

GateHub

I sent you guys a ticket and email I hope you can respond as soon as possible as this is not funny at all as no one knows my secret key from 2 years ago not unless it's an inside job yet mine just got compromised on the 30th of May.

Share this post


Link to post
Share on other sites
On 6/2/2019 at 11:57 AM, gatehub said:

Hey all! We are aware of the matter and are looking into it. If anyone has any information please contact us at: security@gatehub.net  

GateHub

Is there any update on this? I've got some XRP on GH that I might take out if it stays unclear whether it's a hoax, phishing, hack or inside job.

 

14 hours ago, cjeremys2 said:

I sent you guys a ticket and email I hope you can respond as soon as possible as this is not funny at all as no one knows my secret key from 2 years ago not unless it's an inside job yet mine just got compromised on the 30th of May.

Did you have 2FA on?

Share this post


Link to post
Share on other sites

Security Specialists at Gatehub, Ladies and Gentlemen, why You still can't implement security system something of the sorts that Kraken is using!?! Kraken have 2FA, but then if a person wants to buy/sell/send, there is an extra layer of protection with additional (different) password/secret word in order to execute that transaction!

So, in this case, even if someone manages to hack into Gatehub, bypassing 2 layers of protection, they will still be confronted with a third layer of protection of a unique password/secret word!!! (I guess it makes much sense to implement such a thing!)

Share this post


Link to post
Share on other sites

Quick update from my end.

Gatehub just sent an urgent security email notification stating that they believe people's ripple wallet security may have been compromised.

Not sure where to start on this one..

Share this post


Link to post
Share on other sites
18 hours ago, cjeremys2 said:

I sent you guys a ticket and email I hope you can respond as soon as possible as this is not funny at all as no one knows my secret key from 2 years ago not unless it's an inside job yet mine just got compromised on the 30th of May.

Cjeremy, I'm on the same boat as you.  My sister and I got all my funds stolen on the same date to the same address.  I have my 2FA on and only Gatehub have my secret key.  I bookmarked Gatehub site so I know I didn't get phished.  I honestly don't what to do.  Anyone one has any advice?

Share this post


Link to post
Share on other sites
Guest
Posted (edited)
5 hours ago, Caracappa said:

I've got some XRP on GH that I might take out if it stays unclear whether it's a hoax, phishing, hack or inside job.

XRP can be moved to and from a wallet in 3 seconds. There is no reason to leave XRP on an exchange unless you are trading it. 

If you're worried about missing a moon shot, you'll likely be able to move it to an exchange fast enough. 

Don't hold crypto on exchanges. Any exchange, it's bad bad bad. 

Heed the following individual's situation. 

55 minutes ago, cjeremys2 said:

Quick update from my end.

Gatehub just sent an urgent security email notification stating that they believe people's ripple wallet security may have been compromised.

Not sure where to start on this one..

 

Edited by Guest

Share this post


Link to post
Share on other sites
Guest
Posted (edited)
1 hour ago, joe91 said:

Security Specialists at Gatehub, Ladies and Gentlemen, why You still can't implement security system something of the sorts that Kraken is using!?! Kraken have 2FA, but then if a person wants to buy/sell/send, there is an extra layer of protection with additional (different) password/secret word in order to execute that transaction!

So, in this case, even if someone manages to hack into Gatehub, bypassing 2 layers of protection, they will still be confronted with a third layer of protection of a unique password/secret word!!! (I guess it makes much sense to implement such a thing!)

It gives the user a false sense of security. People, stop leaving your assets on exchanges! 

However inconvenienced you may feel by moving your coins to a wallet, it's not nearly as inconvenient as having to deal with being the victim of a hack. 

Edited by Guest

Share this post


Link to post
Share on other sites

One victim here as well. 799K stolen from my wallet raXpsscPp99gDrsm6qzTy9c6wQitr6q1h. No need to feel sorry as last year I could sell 1.6M XRP for about $1 average, so I'm still fine with even a very good amount of XRP left, now in a safer place as well (thanks @gatehub for warning)

I doubt it was hacked by 2FA bypassing as for several months didn't have any login to Gatehub myself and there is no sign of a suspicious attempt to my Gatehub wallet login and I use Google Auth (not SMS). And even if it was that way they DID left more than half of my funds untouched, so I think it didn't went that way. 

Truly hope it wasn't brute forcing secrets.... THAT would be scary....

Share this post


Link to post
Share on other sites
10 minutes ago, kanaas said:

One victim here as well. 799K stolen from my wallet raXpsscPp99gDrsm6qzTy9c6wQitr6q1h. No need to feel sorry as last year I could sell 1.6M XRP for about $1 average, so I'm still fine with even a very good amount of XRP left, now in a safer place as well (thanks @gatehub for warning)

I doubt it was hacked by 2FA bypassing as for several months didn't have any login to Gatehub myself and there is no sign of a suspicious attempt to my Gatehub wallet login and I use Google Auth (not SMS). And even if it was that way they DID left more than half of my funds untouched, so I think it didn't went that way. 

Truly hope it wasn't brute forcing secrets.... THAT would be scary....

Going to the hackers wallet.. they used you for the first transaction to activate their wallet...

Share this post


Link to post
Share on other sites
6 minutes ago, Inequivalent said:

Going to the hackers wallet.. they used you for the first transaction to activate their wallet...

yep, and it sure wasn't 'me' who did the activation :-(

Share this post


Link to post
Share on other sites
1 hour ago, Personology said:

I have my 2FA on and only Gatehub have my secret key.

34 minutes ago, kanaas said:

I doubt it was hacked by 2FA bypassing

Wow. That's wild to me that they got around the two-factor authentication as that's usually considered a "good enough" level of security for accounts. The only way I'd see someone getting around that is if they had the ability to disable your 2FA without requiring your 2FA to be used to do it. That most certainly would need an administrator-type level of access. Possibly enough to be able to access or manipulate their database.

I haven't been on GateHub since I used them to activate my first wallet. I don't recall if the secret keys are saved on their side and can be shown whenever you want in your account. However, if you can, then you know they must be stored as plain-text in some fashion. Assuming that's the case, then if someone got a hold of the plain-text secret keys (and the wallets), then they obviously have access to move things without worrying about 2FA to approve their action. This is more likely the case since it would be more straight-forward than disabling 2FA and finding a way to log in as each user to scrape their secret key.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...