yxxyun

A few users reported their Gatehub wallets being hacked and XRP sent to r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k

Sorry to hear that, kanaas. Is there any way we can get reimbursed if Gatehub is found to be at fault? I lost almost 100k and am just devastated. I believe in the tech and held it for over 6 years just to have it stolen by an exchange that was recommended by Ripple. I could've sold some during the time it peaked, now I'm mad at myself for not doing it. That's all I have... my wife is going to kill me.


Same here. My 25,800 XRP was just gone 4 days ago, and all GateHub is saying is that they will investigate.

I also thought that it would be secure enough since I had a 2-factor authenticator. Can't believe it's just gone after I have been keeping this for more than 3 yrs. So sad.

5 minutes ago, Personology said:

Sorry to hear that, kanaas. Is there any way we can get reimbursed if Gatehub is found to be at fault? I lost almost 100k and am just devastated. I believe in the tech and held it for over 6 years just to have it stolen by an exchange that was recommended by Ripple. I could've sold some during the time it peaked, now I'm mad at myself for not doing it. That's all I have... my wife is going to kill me.

No need to feel sorry, I'm financially more than fine enough (but still real angry, because I had some plans with those funds in a few projects in Central Africa)
Actually I'm feeling a lot more with guys like you who lost all of your holdings - even if with lower amounts.

Don't know if Gatehub can be held responsible. Depends on the way how we were hacked. Doubt that it was by way of abusing our personal GH accounts (bypassing 2FA). Logs @gatehub should give an idea how/when our accounts were (not) used on the UI. If it wasn't this, there are 3 options left

1) our secret keys were captured somewhere online
2) GH vault has been hacked and decrypted secret
3) secret keys were brute forced on XRPL

Normally I would say 1) is most plausible (if indeed our GH accounts were not abused as I think) but for my part I doubt this as well, because I've always been extremely cautious with my secret keys (not online and just on paper) and this wouldn't explain the group of other accounts (not related in this exposure possibility) that have been hacked at almost the same time

22 minutes ago, Xrylite said:

I don't recall if the secret keys are saved on their side and can be shown whenever you want in your account. However, if you can, then you know they must be stored as plain-text in some fashion.

They're stored encrypted server-side, and your browser decrypts them using your account password, which you need to re-enter when performing an activity that requires the secret key. So, they shouldn't be stored anywhere in plaintext, just as your account password shouldn't be stored anywhere in plain text.

These hacks raise a lot of questions around that though. It's concerning that they seem to be targeting high-worth wallets, which suggests that they could pick and choose who they wanted to target, which suggests that whatever exploit they're using could be applied to a large number of wallets.

1 minute ago, kanaas said:

1) our secret keys were captured somewhere online
2) GH vault has been hacked and decrypted secret
3) secret keys were brute forced on XRPL

Normally I would say 1) is most plausible (if indeed our GH accounts were not abused as I think) but for my part I doubt this as well, because I've always been extremely cautious with my secret keys (not online and just on paper) and this wouldn't explain the group of other accounts (not related in this exposure possibility) that have been hacked at almost the same time

Another possibility, malware could capture the encrypted secret on your PC as it's received by your browser.

In any case, once they have the encrypted secret, it would be easier to brute-force a Gatehub password than a full secret key, depending on the strength of an individual's password.

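The storage model at3n describes in the two posts above (secret encrypted server-side, decrypted in the browser with the account password), and the point that a copied blob is only as strong as the password, as an added example that is not part of the thread and not Gatehub's code. PBKDF2, the iteration count and the one-block HMAC keystream (a stand-in for a real cipher) are assumptions; the thread does not state Gatehub's actual scheme.

```python
import hashlib, hmac, math, os

SEED_BITS = 128  # an XRP Ledger seed is 16 random bytes

def _keys(password, salt, iterations):
    # Stretch the password into an encryption key and a MAC key (PBKDF2 is an assumption).
    k = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=64)
    return k[:32], k[32:]

def _xor(data, enc_key):
    # Toy one-block keystream standing in for a real cipher such as AES-GCM (data <= 32 bytes).
    stream = hmac.new(enc_key, b"keystream", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def wrap_secret(secret, password, iterations=200_000):
    """What the server stores: salt, KDF cost, ciphertext, tag. No plaintext key."""
    salt = os.urandom(16)
    enc_key, mac_key = _keys(password, salt, iterations)
    ct = _xor(secret, enc_key)
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return {"salt": salt, "iterations": iterations, "ct": ct, "tag": tag}

def unwrap_secret(blob, password):
    """What the browser does after the user re-enters the password."""
    enc_key, mac_key = _keys(password, blob["salt"], blob["iterations"])
    tag = hmac.new(mac_key, blob["salt"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        return None  # wrong password or modified blob
    return _xor(blob["ct"], enc_key)

def password_bits(length, alphabet_size):
    # Entropy of a uniformly random password; human-chosen ones are weaker.
    return length * math.log2(alphabet_size)

def effective_bits(pw_bits, iterations):
    # Offline guessing work against a copied blob, in log2 hash evaluations:
    # password entropy plus KDF stretching, never more than the seed itself.
    return min(SEED_BITS, pw_bits + math.log2(iterations))

if __name__ == "__main__":
    seed = os.urandom(16)  # constructed sample secret
    blob = wrap_secret(seed, "example-password")
    assert unwrap_secret(blob, "example-password") == seed
    for name, bits in [("8 lowercase letters", password_bits(8, 26)),
                       ("20 random printable chars", password_bits(20, 94))]:
        print(f"{name}: ~{effective_bits(bits, 200_000):.0f} bits vs {SEED_BITS} for the raw seed")
```

The gap between the two printed rows is why a long random password from a password manager matters here: it is the only thing that brings a stolen blob back up to the strength of the seed it protects.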
3 minutes ago, kanaas said:

Actually I'm feeling a lot more with guys like you who lost all of your holdings - even if with lower amounts.

I feel exactly the same way. Although I'm not affected by this, this would be no different from people having their bank accounts wiped and not having it be directly reversible. It's scenarios like these that add another hurdle to crypto. As much as we want to cut out middlemen (specifically banks) when transferring and storing money, they're also the ones that insure your money in situations like these. XRP may be "the banker's coin", but if that means our storage is eventually insured in some way, then embrace it.

1 minute ago, Xrylite said:

I feel exactly the same way. Although I'm not affected by this, this would be no different from people having their bank accounts wiped and not having it be directly reversible. It's scenarios like these that add another hurdle to crypto. As much as we want to cut out middlemen (specifically banks) when transferring and storing money, they're also the ones that insure your money in situations like these. XRP may be "the banker's coin", but if that means our storage is eventually insured in some way, then embrace it.

And all that "KYC" on most exchanges serves for nothing, so it seems...

2 minutes ago, at3n said:

Another possibility, malware could capture the encrypted secret on your PC as it's received by your browser.

1 hour ago, kanaas said:

I doubt it was hacked by 2FA bypassing as for several months I didn't have any login to Gatehub myself and there is no sign of a suspicious attempt to my Gatehub wallet login and I use Google Auth (not SMS).

Zero-day malware for that would obviously be very valuable, given the nature of what is unraveling. I don't want it to be malware though since kanaas noted he hasn't done anything with Gatehub in months. So, that malware would have to have been benign or undetected for that long. Although, I do completely agree that it is many magnitudes easier to brute force a password given common password practices.

Can anyone affirm whether their Gatehub account that had funds taken uses a password from a password manager (Lastpass, Dashlane, 1Pass)? Those would certainly be unreliable to brute force through.

1 hour ago, LordVetinari said:

XRP can be moved to and from a wallet in 3 seconds. There is no reason to leave XRP on an exchange unless you are trading it. 

If you're worried about missing a moon shot, you'll likely be able to move it to an exchange fast enough. 

Don't hold crypto on exchanges. Any exchange, it's bad bad bad. 

Heed the following individual's situation. 

 

Unfortunately have to agree with you. The initial idea was that even with GH you control your secret key, or so they told us... Apparently not so much.


Wouldn't your XRP be safe if it was just left in the Ripple wallet and not placed in the primary wallet provided by Gatehub?


First of all I feel sorry for the other victims and I myself am still distraught about my account. Furthermore, I just want to add that I don't think malware or viruses play a part in this, since I myself don't access my account on hotspot networks etc. and I also use a Mac (not Windows). Also, if these hackers have our passwords, why use a backdoor attack in the first place if they can log in to your account?

Which leads to another point of mine, since these hackers didn't sign in or leave any IP address in the logged history of the devices (which would have triggered my notifications but didn't).

I can only think that these hackers had already compromised Gatehub's vault and got all its targets' keys and swiped those XRP straight away from high XRP accounts (P.S. I had another wallet on my account that held less than 3K yet they didn't bother stealing those).

Nonetheless it's already a lost cause since Gatehub will technically not take responsibility on this matter as clearly the victims like myself don't have proof that Gatehub's system has been compromised, hence no compensation/refund.

10 minutes ago, XRPG said:

Wouldn't your XRP be safe if it was just left in the Ripple wallet and not placed in the primary wallet provided by Gatehub?

Mine was stored in the Ripple Wallet and not the primary wallet yet that was stolen so the answer is it's still not safe.

21 minutes ago, Xrylite said:

Zero-day malware for that would obviously be very valuable, given the nature of what is unraveling. I don't want it to be malware though since kanaas noted he hasn't done anything with Gatehub in months. So, that malware would have to have been benign or undetected for that long. Although, I do completely agree that it is many magnitudes easier to brute force a password given common password practices.

The attackers could have been using malware to gather encrypted secrets over a long period of time, and have spent all the time since brute-forcing them.

11 minutes ago, cjeremys2 said:

Nonetheless it's already a lost cause since Gatehub will technically not take responsibility on this matter as clearly the victims like myself don't have proof that Gatehub's system has been compromised, hence no compensation/refund.

Depending on how bad the damage is, they may be able to cover at least some of the lost funds. It's certainly no guarantee, but Binance was able to do it over the 7000BTC that was stolen most recently. Ideally, this is what some of the fees they charge should be used for. Obviously they wouldn't liquidate and shut down shop just to provide a good-will return to people if it's that big of a loss, but reputation is important with how many exchanges are out there.

