yxxyun

A few users reported their GateHub wallets being hacked and XRP sent to r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k


Well, it's becoming obvious it's not a user-fault issue. Are Gatehub, Ripple, Chris and his billionaire mates gonna stand up and take some responsibility here?

23 minutes ago, lucky said:

On the contrary, it would set a good precedent.

It would demonstrate one of the strategic purposes of Ripple's 50bn stash: full insurance.

Something no other decentralized cryptocurrency can offer, and quite possibly a deciding factor for banks when choosing XRP for cross border value exchange.

Why should Ripple reimburse? Why not you or anybody else? 

I thought we all agree that XRP isn't centralized and Ripple is nothing more than one of the (biggest) holders of XRP...

It would really set a bad precedent.

27 minutes ago, Sukrim said:

It just would incentivize a business model of: grow fast, get users, get "hacked", get bailed out by big daddy Ripple, retire.

A very concise and accurate reading!

1 minute ago, lucky said:

They've sent all their rippletrade users to this unaudited exchange in the first place.

Unauditable because they (still) are closed source... one of very few closed source cryptowallet providers by the way.

2 minutes ago, Sukrim said:

Unauditable because they (still) are closed source... one of very few closed source cryptowallet providers by the way.

Closed source does not prevent security audits.


It seems pretty obvious to me that this is all a problem related to weak passwords.

When I created my first wallet with Ripple trade, the application generated a secret key, and then encrypted this with a password that I provided. Given that no one had access to my wallet file, this was very secure. Given that it was encrypted, if someone got ahold of my computer and found the wallet file, I would still be protected, given that my password was 30 characters long and impossible to brute force.

Then, Ripple asked us to move our wallets to Gatehub since they were no longer going to support Ripple Trade. Since my wallet was encrypted with a strong password, I didn't have a problem doing this. On top of that I placed some trust in Gatehub that their servers would be just as secure as my computer (this is obviously not true, it was the early days of crypto....)

So, what appears to have happened are two things:

  1. Some early users encrypted their wallet with a bad password: Either less than ~8 characters long, or a passphrase that can be found in a password dictionary.
  2. Gatehub had a security breach and some encrypted wallet files were accessed.
  3. The perpetrator used a brute force password attack on these files offline, and once the wallet was decrypted, they accessed the secret key and drained the balance using a service that is not associated with gatehub.
  4. It is irrelevant if 2FA was enabled, because the hackers didn't need to log into your gatehub account: They already had the encrypted wallet file.

If this is all true, it is difficult to say how responsible Gatehub is for storing your wallet that was encrypted with a weak password.

Edited by mrak
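The offline scenario described in the post above, as an added example that is not part of the original thread and not GateHub's or Ripple's code. The thread does not give the real wallet format, so the PBKDF2 plus XOR-pad plus HMAC construction, the function names, the iteration count and the guess rate are all assumptions chosen for illustration.

```python
import hashlib, hmac, math, os, string

ITERATIONS = 100_000  # assumed KDF cost; the thread does not give the real wallet format

def _keys(password, salt, n):
    # PBKDF2 output split into an n-byte XOR pad and a 32-byte MAC key.
    # Stand-in construction for illustration, not a production cipher.
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, n + 32)
    return dk[:n], dk[n:]

def seal(secret, password):
    """Encrypt the wallet secret under a key derived from the password."""
    salt = os.urandom(16)
    pad, mac_key = _keys(password, salt, len(secret))
    ct = bytes(a ^ b for a, b in zip(secret, pad))
    return salt + ct + hmac.new(mac_key, salt + ct, hashlib.sha256).digest()

def unseal(blob, password):
    """Return the secret, or None for a wrong password. The only inputs are
    the blob and the password: no server, login session or 2FA code."""
    salt, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    pad, mac_key = _keys(password, salt, len(ct))
    expected = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, pad))

def guess_space_bits(password, wordlist):
    """Estimated size of the guessing space in bits. A password found in a
    wordlist is only as strong as the list is long."""
    if password.lower() in wordlist:
        return math.log2(len(wordlist))
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " ")
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0

def years_to_exhaust(bits, guesses_per_second):
    """Time to try every candidate at an assumed offline guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    secret = b"CONSTRUCTED-PLACEHOLDER-SECRET"  # constructed, not a real key
    blob = seal(secret, "correct horse battery staple 42")
    print(unseal(blob, "correct horse battery staple 42") == secret)
    wordlist = {"password", "letmein", "ripple123"}  # constructed sample
    for pw in ("letmein", "abcdefgh", "Xk9vQ2mLr7TzP4wN8bYc3HdG6sJf5A"):
        bits = guess_space_bits(pw, wordlist)
        print(pw, round(bits, 1), years_to_exhaust(bits, 10_000))
```

At the assumed 10,000 guesses per second, an 8-character lowercase password is exhausted in under a year, while the 30-character mixed password stays far out of reach; raising the KDF cost only lowers the guess rate, so it helps short passwords by a constant factor and nothing more.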

I think Ripple has some responsibility to Gatehub. Back in 2013 I think the Ripple Trade service that hosted the Ripple wallets shut down, encouraging users to migrate their Ripple wallets to Gatehub; the Ripple Trade website is still encouraging this action. Although users do have a choice of where to host their coins, encouraging users to migrate to a hacked exchange would conclude that there is some form of linked responsibility to Gatehub. Ideally Ripple, to cover themselves, should change their Ripple Trade website to not use Gatehub and use a wallet of the user's choice.

22 minutes ago, lucky said:

No, the point I am trying to make is that defrauding the security company is not as easy as just setting your house on fire. Neither will it be easy to "just get yourself hacked". Of course, the exchange will need to prove that it's not their fault: through regular third party security audits and screenings.

If you don't see the 50bn as a potential resource for providing insurance, you're not seeing the whole picture of what Ripple is building.

Still, in IT the situation is a little more complicated. In your insurance example, either you burnt down your house, or you didn't. Crime investigators will find out most of the time. In IT, you can argue. You protected your account with a password, does it mean you did everything to prevent being hacked? Or do you still carry at least part of the responsibility, because your password was not strong enough? When is your password strong enough? As you know, insurance companies will do everything to limit their responsibility.

Second, I do not see the 50bn XRP owned by Ripple as a free insurance for everybody. I do see potential for insurance of crypto assets, as it would leverage adoption especially at consumer level (which is not the core of the whole project, but that can change), but that has nothing to do with the 50bn of Ripple, as third parties could also offer such a service. Insurance is not Ripple's core business. This insurance would, of course, be a paid service: not the 50bn of Ripple would compensate the losses of the unfortunate, but the fees collected by all insured users.

Third, whether or not Ripple carries any responsibility here by recommending people to move to GateHub is a question I cannot answer.


Just received this from Gatehub. It makes absolutely NO SENSE

 

##- Please type your reply above this line -##

Dear mr. Xxxx

We must inform you that due to the irreversibility of the XRP Ledger transactions, we, unfortunately, can not refund your losses.

We strongly advise you to contact your local law-enforcement authorities. Please file a report with them and ask for their assistance with further escalation if that applies to your case. They may also be able to give advice on how you can help us with the investigation. 

Any kind of information you may provide about the incident could be helpful with our investigative efforts. 

Important! We urge you to take the following measures to improve the security of your GateHub account:

Enable 2-Factor Authentication for your GateHub account and safely store the 2FA backup code (“Authentication key”)
Create a new hosted wallet (instructions available on our support page) 
Transfer funds from your ripple wallet to newly created hosted wallet (instructions available on our support page); 

For your personal email account

Update your login password. 
Set-up an additional layer of security on the email address (2-Factor Authentication, SMS validation, account activity notification,...). Read more about it on our support page, here. 


Additionally, we kindly ask you for your cooperation to help us with the investigation. Your cooperation will also help improve the security of GateHub and the XRP Ledger network. Please answer the questions below.


a) Have you ever received any suspicious emails that were emulating an email from GateHub and asking for any kind of personal information related to your GateHub account? If so, please forward it to security@gatehub.net. 
b) Have you ever used or are still using any other gateways besides GateHub and Ripple trade, or any other XRP Ledger network clients using the same XRP Ledger secrets?
c) Have you ever used the same login password on a website other than gatehub.net?
d) Did you have 2FA enabled for your account at the time of the unauthorised transaction?
e) Have you accessed your ripple wallet’s secret key?
f) Have you stored your ripple wallet’s secret key anywhere?

 

Kind regards,

Lado

10 minutes ago, Geekluca said:

Just received this from Gatehub. It makes absolutely NO SENSE


Me too, just got the same email.

7 minutes ago, Geekluca said:

Just received this from Gatehub. It makes absolutely NO SENSE


Pretty much had the same email as you with a subject “Unauthorised Transaction”. I guess no one will be getting any compensation from @gatehub


I think we should create a common group and go for a class action or at least for a common legal effort. This way of handling such a problem is totally unacceptable.
