Jump to content

a few user reported their gatehub wallet been hacked and XRP sent to r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k


Recommended Posts

  • Replies 1.2k
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Popular Posts

On June 1 we were made aware of a theft of 201,000 XRP (transaction F6E9E1385E11649A6C2F88723A821AF209B54030886539DCEF9DDD00E6446948) and immediately started investigation. It turned out that the acco

Reminder: There is no direct evidence pointing to Gatehub being responsible even though it may appear as the most likely scenario right now. Just be careful about jumping to conclusions What you c

Hey all! We are aware of the matter and are looking into it. If anyone has any information please contact us at: security@gatehub.net   GateHub

Posted Images

5 minutes ago, cjeremys2 said:

I don’t think the password is the issue as mine takes 6588 centuries to be cracked based on a website. 

Goodluck cracking my password if that is the case. Mine consists of 12 characters with few letters & number with special characters.

Also I’ve been with Gatehub for 2 years using the same password hence if someone knew it why use a backdoor? when you can just login on the UI.

So I think we can forget weak passwords...

Link to post
Share on other sites
1 minute ago, Plikk said:

Gatehub is acting like some kind of Mt. Gox here. Very toxic for the space and especially XRP.  I feel very sorry for those affected and hope this will get sorted out and GH takes their responsibility!

I think we all have to wait a little bit, and help to find the cause and make sure it can never happen again. Any lawyer would tell Gatehub to deny any responsibility, unless it is proven that it is their fault. That is just the way these things work, sadly..

 

Link to post
Share on other sites
8 minutes ago, cjeremys2 said:

I don’t think the password is the issue as mine takes 6588 centuries to be cracked based on a website. 

Goodluck cracking my password if that is the case. Mine consists of 12 characters with few letters & number and special characters.

Also I’ve been with Gatehub for 2 years using the same password solely for Gatehub not used on my other accounts hence if someone knew it why use a backdoor? when you can just login on the UI. Also where does 2FA sit on this since it was bypassed easily.

Is your Ripple wallet passphrase the same as your Gatehub login password? I am pretty confident that the two are different. When I imported my Ripple Trade wallet that was already encrypted, I do not recall them asking me to decrypt it, and then re-encrypt it with my Gatehub password (perhaps I am wrong).

Link to post
Share on other sites

The case I know of the 2FA and IP check were somehow bypassed. I am not an expert but this sounds like GH itself was compromised. 

Now they take this 'formal' stance with long emails instead of owning up and quickly solving the issue. I always liked GH but this is disappointing

CZ Binance was quick to act and communicate. Owning up to the situation and reassuring his customers. That is the way to do business nowadays. 

Link to post
Share on other sites

probably best to get the press involved at this stage rather than lawyers , anyone got any connections ?

get the information out there name and shame gatehub ripple chris larson arthur britto all connected to gatehub and the procedure to migrate wallet to an unsecure gateway , maybe we can find out more about  arthur britto at the same time kill two birds with one stone . 

 

Link to post
Share on other sites

Catch the *******(s) is my preferred solution.

Spreading the XRP out over multiple exchanges for cash-out is a double-edged sword;  it increases their chances of extracting cash, but it also increases their exposure - and it indicates that they had good intel/plan on how to pull off the heist - but did not have a clear path or inside connections on the cash-out end, which also indicates their own lack of confidence in their sophistication on pulling off that part of the operation... so, maybe it's not even a "them".  The interesting parts of this will take place at exchanges/banks.

We'll see.

Link to post
Share on other sites
4 minutes ago, mrak said:

Is your Ripple wallet passphrase the same as your Gatehub login password? I am pretty confident that the two are different. When I imported my Ripple Trade wallet that was already encrypted, I do not recall them asking me to decrypt it, and then re-encrypt it with my Gatehub password (perhaps I am wrong).

I think Gatehub had a database to decrypt from Rippletrade. As far as i know, there is only 1 pass for Gatehub access and secret key encryption...

Link to post
Share on other sites
5 minutes ago, mrak said:

Is your Ripple wallet passphrase the same as your Gatehub login password? I am pretty confident that the two are different. When I imported my Ripple Trade wallet that was already encrypted, I do not recall them asking me to decrypt it, and then re-encrypt it with my Gatehub password (perhaps I am wrong).

I didn’t have Ripple Trade Wallet I technically just heard of that on this thread. I initially signed up on Gatehub on November 2017 hence my password from the start till now hasn’t changed.

 

5 minutes ago, ixarepe said:

The case I know of the 2FA and IP check were somehow bypassed. I am not an expert but this sounds like GH itself was compromised. 

Now they take this 'formal' stance with long emails instead of owning up and quickly solving the issue. I always liked GH but this is disappointing

CZ Binance was quick to act and communicate. Owning up to the situation and reassuring his customers. That is the way to do business nowadays. 

I wish I was with Binance now that I can see clear difference with a small exchange vs a big one.

As Binance assured all customers that their assests will be restored.

But with @gatehub I don’t think they will take a heat from it rather deviate that its the user’s fault since until now they are still investigating further even though the CEO himself stated that it was API Token Access from their website that enabled the hackers to gain access to 58+ or more accounts.

Link to post
Share on other sites
5 minutes ago, cjeremys2 said:

I didn’t have Ripple Trade Wallet I technically just heard of that on this thread. I initially signed up on Gatehub on November 2017 hence my password from the start till now hasn’t changed.

 

I wish I was with Binance now that I can see clear difference with a small exchange vs a big one.

As Binance assured all customers that their assests will be restored.

But with @gatehub I don’t think they will take a heat from it rather deviate that its the user’s fault since until now they are still investigating further even though the CEO himself stated that it was API Token Access from their website that enabled the hackers to gain access to 58+ or more accounts.

Agreed, Binance acted great, but they already created a safety fund in case of hacks. This loss could also mean the end of Gatehub, and getting anything from a bankrupt company will be even harder.. Check the Cryptopia drama..

Edited by Hero_Member
Link to post
Share on other sites

Question @Pablo: Does the fact that Gatehub's wallet service is free change anything regarding their liability? No-one paid anything to Gatehub for them to store their keys.

Money is made entirely through the gateway service, which is not mandatory to use.

Link to post
Share on other sites
26 minutes ago, jlripple said:

Should be wait for another official reply as promised? 

The "we didn't do it" approach is often the first answer when something goes wrong (Binance was a positive exception to this rule, but in this case it was much more clear what had happened). Especially in cases like this, that are not black/white, the company will try to win time to find out what happened and how strong their own position is. I guess we are still in this stage. First they officially decline responsibility in order to limit their own liability. Then they look into it, especially now it is clear the case is important. Then they will evaluate their position and finally they will evaluate the different options they have.

They will surely seek legal advice themselves and estimate their chances if this goes to court, before to make any further announcements. This takes time. Depending on what really happened and their own financial situation (not sure they have the cash to compensate the losses), they can still decide it's cheaper to reimburse everybody, than to enter a long legal battle which will also impact their reputation.

Gatehub's financial position is not that strong but they did have the equivalent of 27M XRP in cash positions in 2017, and as it is a ltd company, shareholders only have a very limited liability. Chris Larsen only has a tiny little piece of the cake IIRC, something like 2.5%.

I am not personally involved, but I would suggest victims to organize themselves, choose one spokesman that takes care of initial communication, and giving GateHub a deadline for their final statement, and in the mean time, initiate all necessary steps to be able to start legal action later on (file police report, gather proof,...)

Link to post
Share on other sites
15 minutes ago, faz said:

probably best to get the press involved at this stage rather than lawyers , anyone got any connections ?

get the information out there name and shame gatehub ripple chris larson arthur britto all connected to gatehub and the procedure to migrate wallet to an unsecure gateway , maybe we can find out more about  arthur britto at the same time kill two birds with one stone . 

 

In which way is Arthur Britto involved in GateHub? I know he is involved in Bitstamp, but GateHub??

Link to post
Share on other sites
1 minute ago, mrenne said:

The "we didn't do it" approach is often the first answer when something goes wrong (Binance was a positive exception to this rule, but in this case it was much more clear what had happened). Especially in cases like this, that are not black/white, the company will try to win time to find out what happened and how strong their own position is. I guess we are still in this stage. First they officially decline responsibility in order to limit their own liability. Then they look into it, especially now it is clear the case is important. Then they will evaluate their position and finally they will evaluate the different options they have.

They will surely seek legal advice themselves and estimate their chances if this goes to court, before to make any further announcements. This takes time. Depending on what really happened and their own financial situation (not sure they have the cash to compensate the losses), they can still decide it's cheaper to reimburse everybody, than to enter a long legal battle which will also impact their reputation.

Gatehub's financial position is not that strong but they did have the equivalent of 27M XRP in cash positions in 2017, and as it is a ltd company, shareholders only have a very limited liability. Chris Larsen only has a tiny little piece of the cake IIRC, something like 2.5%.

I am not personally involved, but I would suggest victims to organize themselves, choose one spokesman that takes care of initial communication, and giving GateHub a deadline for their final statement, and in the mean time, initiate all necessary steps to be able to start legal action later on (file police report, gather proof,...)

good points , this has been going on for a week now i,m sure gatehub chris arthur david greg have all looked into this and know whats happened , they are dragging their feet , people who are affected just want to know whether they are going to get their xrp back or not or weather they are going to have to get the press and lawyer sinvolved and drag this through the courts , thats the bottom line .

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.