A few users reported their GateHub wallets had been hacked and XRP sent to r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k



3 minutes ago, Geekluca said:

I think we should create a common group and go for a class action or at least for a common legal effort. This way of handling such a problem is totally unacceptable.

How much does a class action cost? All of us are from different countries.


Popular Posts

On June 1 we were made aware of a theft of 201,000 XRP (transaction F6E9E1385E11649A6C2F88723A821AF209B54030886539DCEF9DDD00E6446948) and immediately started investigation. It turned out that the acco

Reminder: There is no direct evidence pointing to Gatehub being responsible even though it may appear as the most likely scenario right now. Just be careful about jumping to conclusions What you c

Hey all! We are aware of the matter and are looking into it. If anyone has any information please contact us at: security@gatehub.net   GateHub

3 minutes ago, Geekluca said:

I think we should create a common group and go for a class action or at least for a common legal effort. This way of handling such a problem is totally unacceptable.

count me in.

Just now, jlripple said:

How much does a class action cost? All of us are from different countries.

The main issue is that we are 58 unlucky dudes. Some of us even totally inactive here. But I don’t see any other way of solving this. This has to come out somehow, somewhere.

1 hour ago, mrak said:

It seems pretty obvious to me that this is all a problem related to weak passwords.

When I created my first wallet with Ripple trade, the application generated a secret key, and then encrypted this with a password that I provided. Given that no one had access to my wallet file, this was very secure. Given that it was encrypted, if someone got ahold of my computer and found the wallet file, I would still be protected, given that my password was 30 characters long and impossible to brute force.

Then, Ripple asked us to move our wallets to Gatehub since they were no longer going to support Ripple Trade. Since my wallet was encrypted with a strong password, I didn't have a problem doing this. On top of that I placed some trust in Gatehub that their servers would be just as secure as my computer (this is obviously not true, it was the early days of crypto....)

So, what appears to have happened are two things:

  1. Some early users encrypted their wallet with a bad password: Either less than ~8 characters long, or a passphrase that can be found in a password dictionary.
  2. Gatehub had a security breach and some encrypted wallet files were accessed.
  3. The perpetrator used a brute force password attack on these files offline, and once the wallet was decrypted, they accessed the secret key and drained the balance using a service that is not associated with gatehub.
  4. It is irrelevant if 2FA was enabled, because the hackers didn't need to log into your gatehub account: They already had the encrypted wallet file.

If this is all true, it is difficult to say how responsible Gatehub is for storing your wallet that was encrypted with a weak password.

I'd say it's still gatehub's responsibility to ensure all of their customers use strong passwords.  It's not hard to do.  They could have emailed all of their customers advising them to ensure they use strong passwords, forcing the password change upon login every few months (even if someone doesn't login they can be emailed and warned to use a strong password), ensure a minimum password length, use of mixed capitalisation and wildcard and numerical characters.   Most sites do this, and certainly where the user password is the one point of potential weakness, you want to make sure passwords are as strong as possible. 
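
Added example, not part of any post in this thread: a sketch of the offline scenario in the quoted list above (points 1, 3 and 4), showing that checking a passphrase against an encrypted blob involves no login step and how passphrase shape drives the search cost. The blob layout, the PBKDF2 settings, the sample values and the guess rate are assumptions for illustration, not GateHub's or Ripple Trade's actual wallet format.

```python
import hashlib
import hmac

# Constructed sample values; not a real wallet secret or salt.
SAMPLE_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
SAMPLE_SECRET = b"constructed-secret"
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def _key_material(passphrase, salt, iterations, length):
    # PBKDF2 is an assumed stand-in KDF; every extra iteration taxes each guess.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, iterations, dklen=length)

def seal(passphrase, secret, salt, iterations=100_000):
    """Build a hypothetical wallet blob: masked secret plus an integrity tag."""
    km = _key_material(passphrase, salt, iterations, 32 + len(secret))
    masked = bytes(a ^ b for a, b in zip(secret, km[32:]))
    tag = hmac.new(km[:32], masked, "sha256").digest()
    return {"salt": salt, "iterations": iterations, "masked": masked, "tag": tag}

def open_offline(blob, passphrase):
    """Return the secret for the right passphrase, else None.

    Only the blob is consulted: no login, no server round trip, so an
    account-level control such as 2FA or rate limiting never runs.
    """
    km = _key_material(passphrase, blob["salt"], blob["iterations"], 32 + len(blob["masked"]))
    expected = hmac.new(km[:32], blob["masked"], "sha256").digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(blob["masked"], km[32:]))

def years_to_exhaust(alphabet_size, length, guesses_per_sec):
    """Worst-case years to try every passphrase of this shape at an assumed rate."""
    return alphabet_size ** length / guesses_per_sec / SECONDS_PER_YEAR

if __name__ == "__main__":
    blob = seal("example passphrase", SAMPLE_SECRET, SAMPLE_SALT)
    print(open_offline(blob, "example passphrase"), open_offline(blob, "wrong"))
    rate = 1e6  # assumed guesses per second against this KDF setting
    shapes = [("8 lowercase", 26, 8), ("12 printable", 94, 12), ("30 printable", 94, 30)]
    for label, alphabet, length in shapes:
        print(f"{label}: {years_to_exhaust(alphabet, length, rate):.3g} years")
```

A slower or memory-hard KDF setting lowers the achievable guess rate, which is the lever the storing service controls; passphrase length is the lever the user controls.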

11 minutes ago, cjeremys2 said:

Pretty much had the same email as you with a subject “Unauthorised Transaction”. I guess no one will be getting any compensation from @gatehub

Is this the official announcement as mentioned yesterday by gatehub? As in asking us to fly kite? 

Just now, jlripple said:

Is this the official announcement as mentioned yesterday by gatehub? As in asking us to fly kite? 

It’s an email you get from their Customer Service Team, hence you can class it as an official reply to all the victims. Though I’ve replied to that Lado on Monday refuting the fact that @gatehub is not prepared to take responsibility for the losses or any compensation. Until now I still haven’t received any reply.

Just now, cjeremys2 said:

It’s an email you get from their Customer Service Team, hence you can class it as an official reply to all the victims. Though I’ve replied to that Lado on Monday refuting the fact that @gatehub is not prepared to take responsibility for the losses or any compensation. Until now I still haven’t received any reply.

Should we wait for another official reply as promised?

1 hour ago, mrak said:

It seems pretty obvious to me that this is all a problem related to weak passwords.

...

If this is all true, it is difficult to say how responsible Gatehub is for storing your wallet that was encrypted with a weak password.

Do we know anything about the passwords used by the hacked wallets? If not, this seems premature..

The first approach should be cooperation with LEA. Maybe we can create a subgroup here for victims and coordinate efforts – collaboration between jurisdictions etc. 

If funds (or some of them) can be retrieved, it would be the first win.

We have a huge pile of evidence we can easily wrap up and send along.

Maybe invite a lawyer to the group as well for legal advice.

I have been away and not read this thread. It seems a very big attack. I saw one poster lost 300K. WOW, that is really awful.

First thought is that there may be an element of negligence on Gatehub's part. If they designed and sold the wallet they had some sort of duty to make the product secure and hack proof. Allowing customers to set up wallets that contain life savings that are the likely target of hacking carries a duty of care. Allowing the customers to set up with weak passwords would perhaps be a breach of that duty of care?

How many of these wallets were raided and how quickly did they stop the activity?

How unique was this hack?

What information did they get from Gatehub? It seems this hack was restricted to Gatehub wallets so the hackers must have got some of their information about their targets from Gatehub.

I suggest a group get together and make an assessment of how to get their XRP back.

I am very sorry for those that have lost XRP. Good Luck

1 minute ago, Hero_Member said:

Do we know anything about the passwords used by the hacked wallets? If not, this seems premature..

I was thinking the same. If we assume a brute force attack is the most probable cause, then the user passwords of the hacked accounts should have been "relatively" weak. If any of the users concerned had a very strong password, we will need to look at other options.

9 minutes ago, Hero_Member said:

Do we know anything about the passwords used by the hacked wallets? If not, this seems premature..

For those of you who were hacked: Could you let us know the characteristics of your Ripple wallet passphrase? (Like length and whether it might be in a password dictionary?). As far as I understand, the wallet passphrase is not the same thing as your Gatehub login (I am not about to log in to their site now to check this....)

Edited by mrak
12 minutes ago, mrenne said:

I was thinking the same. If we assume a brute force attack is the most probable cause, then the user passwords of the hacked accounts should have been "relatively" weak. If any of the users concerned had a very strong password, we will need to look at other options.

I don’t think the password is the issue as mine takes 6588 centuries to be cracked based on a website.

Good luck cracking my password if that is the case. Mine consists of 12 characters with a few letters & numbers and special characters.

Also I’ve been with Gatehub for 2 years using the same password solely for Gatehub, not used on my other accounts, hence if someone knew it, why use a backdoor when you can just log in on the UI? Also where does 2FA sit on this, since it was bypassed easily?

Edited by cjeremys2