yxxyun

A few users reported their GateHub wallets have been hacked and XRP sent to r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k

4 minutes ago, mrenne said:

Is this still ongoing as we speak or are you processing transactions from the last couple of days?

Latest thefts happened yesterday. They have cashed more out today.

2 hours ago, alloyxrp said:

Sent. Users who have not interacted with @Silkjaer or @alloyxrp on DM earlier, are requested to send DMs please. This is only in order to protect victims.

I am also a victim. Can I please be included in this? Thx.

1 hour ago, jlripple said:

Well, I suspect this hack might be due to one of the APIs being exploited. No other way to explain how the thieves can just grab users' XRP without even logging in!!!

So the thief had a list of random email addresses and potentially passwords. They used this list and the API to determine which email address is linked to which wallet address. If they had a hit they could then see if they could login to the email service and search for an email containing the key. Maybe a lot of people email their key to themselves for 'safekeeping'.

7 minutes ago, kachel said:

So the thief had a list of random email addresses and potentially passwords. They used this list and the API to determine which email address is linked to which wallet address. If they had a hit they could then see if they could login to the email service and search for an email containing the key. Maybe a lot of people email their key to themselves for 'safekeeping'.

I did not save the key electronically; I physically wrote it down on the note for my safekeeping. I saw a lot of other victims did the same. I don't think the hackers did it that way.

6 minutes ago, kachel said:

So the thief had a list of random email addresses and potentially passwords. They used this list and the API to determine which email address is linked to which wallet address. If they had a hit they could then see if they could login to the email service and search for an email containing the key. Maybe a lot of people email their key to themselves for 'safekeeping'.

Reading the statement by GateHub yesterday about them turning off the access API on the 1st of June 2019, but accounts still being robbed of their XRP, I believe the hackers somehow have access to the secret keys plus a way to decrypt them.

4 minutes ago, kachel said:

So the thief had a list of random email addresses and potentially passwords. They used this list and the API to determine which email address is linked to which wallet address. If they had a hit they could then see if they could login to the email service and search for an email containing the key. Maybe a lot of people email their key to themselves for 'safekeeping'.

Can we stop with the “maybe” and other assumptions, as they just make the victims look like absolute idiots.

As Gatehub (CEO) stated, the API token was compromised, hence whatever the hackers have accumulated in terms of keys before June 1, after they have disabled the access, will be on the target list of the thieves.

19 minutes ago, cjeremys2 said:

Can we stop with the “maybe” and other assumptions, as they just make the victims look like absolute idiots.

As Gatehub (CEO) stated, the API token was compromised, hence whatever the hackers have accumulated in terms of keys before June 1, after they have disabled the access, will be on the target list of the thieves.

Sorry about that, I was trying to be constructive but could have chosen my words more carefully. I had a theory which is probably not the case. Can you help me understand which API token? The thief has gained access to hashed / salted keys via this token?

35 minutes ago, jlripple said:

Reading the statement by GateHub yesterday about them turning off the access API on the 1st of June 2019, but accounts still being robbed of their XRP, I believe the hackers somehow have access to the secret keys plus a way to decrypt them.

So the hackers could continue decrypting them one by one and keep on stealing funds, not knowing if they've got all the addresses. Which would mean everyone should remove their XRP from GateHub and that specific wallet address and make a new one...

Would be nice if GH would give some more info and assure it's all safe now. On the other hand, advising all their customers to go away is suicide...

8 minutes ago, kachel said:

Sorry about that, I was trying to be constructive but could have chosen my words more carefully. I had a theory which is probably not the case. Can you help me understand which API token? The thief has gained access to hashed / salted keys via this token?

Apologies as well, as I just hate the fact that other people still put salt on an open wound even though we know that this is Gatehub's security flaw, since the number of victims is now up to "81" and still counting, yet others are still stating that it might be the password or victims telling their peers about their secret key. I myself don't even know my secret key from 2 years ago when I created my account on Gatehub.

Also, this API Access or API Call is part of Gatehub's infrastructure that allows customers to use an email address as a contact for sending funds. I'm not hacker-literate, but it seems that they are able to interfere with this API Access in order to gain information to the victim's keys, but this doesn't answer the fact that some of the victims "have not logged in for years" yet hackers were still able to access their keys and steal their XRP.

I think we should all be asking the questions to @gatehub rather than play this assumption game about the victims' passwords etc., especially when we have now at least 81+ victims, and the fact that Gatehub is not giving updates on an hourly or even daily basis makes me suspicious that they want to downplay this issue and let all the victims face their losses.


20 hours ago, gatehub said:

We have however detected an increased amount of API calls (with valid access tokens) coming from a small number of IP addresses which might be how the perpetrator gained access to encrypted secret keys.

That, however, still doesn’t explain how the perpetrator was able to gain other required information needed to decrypt the secret keys.

All access tokens were disabled on June 1st after which the suspicious API calls were stopped.

 

1 hour ago, Silkjaer said:

Latest thefts happened yesterday [June 4th, ed.]. They have cashed more out today.

 

1 hour ago, jlripple said:

Reading the statement by GateHub yesterday about them turning off the access API on the 1st of June 2019, but accounts still being robbed of their XRP, I believe the hackers somehow have access to the secret keys plus a way to decrypt them.

 

1+1= Gatehub should e-mail all users asap to have them move funds to hosted wallets, safe addresses or re-key them.

@gatehub @Silkjaer @alloyxrp @enej

 

Unless they know exactly which addresses were exposed and who to contact, but that doesn't seem so from the outside. As the number of victims already seems to outnumber their previous statement:

20 hours ago, gatehub said:

At the moment we estimate that 58 XRP Ledger wallets were compromised.

1 hour ago, Silkjaer said:

A small update from our research, we are now counting 80+ (most likely) victims.

 

 

Edited by zero-2-9
typo
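
The pattern in the GateHub statement quoted above (many API calls with valid access tokens from a small number of IP addresses) can be looked for by counting distinct tokens per source IP. This is an added example, not part of the thread and not GateHub's code; the log format, token names, IP addresses and threshold are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample API access log (not GateHub data).
# Assumed format: timestamp, source IP, access-token id, HTTP status.
SAMPLE_LOG = """\
2019-05-28T09:14:02Z 198.51.100.10 tok-alice 200
2019-05-28T09:15:40Z 198.51.100.10 tok-alice 200
2019-05-28T11:02:13Z 198.51.100.27 tok-bob 200
2019-05-29T02:00:01Z 203.0.113.5 tok-alice 200
2019-05-29T02:00:02Z 203.0.113.5 tok-bob 200
2019-05-29T02:00:03Z 203.0.113.5 tok-carol 200
2019-05-29T02:00:04Z 203.0.113.5 tok-dave 200
2019-05-29T02:00:05Z 203.0.113.5 tok-erin 401
2019-05-29T08:30:00Z 198.51.100.44 tok-carol 200
2019-05-29T08:31:00Z 198.51.100.44 tok-frank 200
"""

def tokens_by_source(log_text):
    """Map each source IP to the set of tokens it used successfully."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than guess at fields
        _ts, ip, token, status = parts
        if status.startswith("2"):  # only calls the API accepted
            seen[ip].add(token)
    return seen

def flag_sources(log_text, max_tokens_per_ip=2):
    """Return {ip: sorted tokens} for IPs above the assumed threshold."""
    return {ip: sorted(toks)
            for ip, toks in tokens_by_source(log_text).items()
            if len(toks) > max_tokens_per_ip}

def tokens_to_revoke(log_text, max_tokens_per_ip=2):
    """Every token seen from a flagged IP: the accounts to notify and re-key."""
    flagged = flag_sources(log_text, max_tokens_per_ip)
    return sorted({t for toks in flagged.values() for t in toks})

if __name__ == "__main__":
    for ip, toks in flag_sources(SAMPLE_LOG).items():
        print(ip, "used", len(toks), "distinct valid tokens:", ", ".join(toks))
    print("revoke / notify:", tokens_to_revoke(SAMPLE_LOG))
```

The list returned by `tokens_to_revoke` is the set of accounts touched from a flagged source, which is the "who to contact" question raised in the post above.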

2 minutes ago, mrenne said:

Are there victims that have not been contacted by GateHub? 

The people who received the email from GateHub are the ones who already got hacked.  Honestly, GateHub should just email everyone at this point.  No reason to make more suffer. 
