
A few users reported their GateHub wallets have been hacked and XRP sent to r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k



Popular Posts

On June 1 we were made aware of a theft of 201,000 XRP (transaction F6E9E1385E11649A6C2F88723A821AF209B54030886539DCEF9DDD00E6446948) and immediately started investigation. It turned out that the acco

Hey all! We are aware of the matter and are looking into it. If anyone has any information please contact us at: security@gatehub.net   GateHub

Reminder: There is no direct evidence pointing to Gatehub being responsible even though it may appear as the most likely scenario right now. Just be careful about jumping to conclusions What you c


19 minutes ago, cjeremys2 said:

First of all, can we stop these weak password assumptions. I hate to state this but to accuse all 90+ victims of having weak passwords sounds pretty stupid. I as one of the people that got hacked takes 6,588 centuries for my password to get cracked. So if you're stating my password is weak please spend 6,588 centuries to crack it please.

And no hackers are stupid enough to brute force every person's password when they can just use a backdoor straight to Gatehub's networks since clearly right now it shows Gatehub has a big security flaw that they don't want to address to the community since it makes them more liable for the losses.

Can you share any characteristics of your password? Was it long and random, was it a sentence, was it a word from a dictionary, etc?

Did you have the same secret key imported to another GateHub account that used a weaker password?

I don't want to make you feel careless or anything, I just want to get to the bottom of this theory...

23 minutes ago, cjeremys2 said:

So if you're stating my password is weak please spend 6,588 centuries to crack it please.

Sure thing, please post the encrypted information publicly and I'll take a shot at it.

Humans are really terrible at choosing random passwords and computers are really terrible at measuring password strength. The string "Passw0rd123456!!!" probably would measure as extremely secure on most "how strong is your password?" algorithms, but it would probably be broken within minutes by a bruteforcing algorithm.

8 minutes ago, Milk said:

Can you share any characteristics of your password? Was it long and random, was it a sentence, was it a word from a dictionary, etc?

Did you have the same secret key imported to another GateHub account that used a weaker password?

 

11 hours ago, cjeremys2 said:

I don’t think the password is the issue as mine takes 6588 centuries to be cracked based on a website. 

Good luck cracking my password if that is the case. Mine consists of 12 characters with few letters & number and special characters.

Also I’ve been with Gatehub for 2 years using the same password solely for Gatehub not used on my other accounts hence if someone knew it why use a backdoor? when you can just login on the UI. Also where does 2FA sit on this since it was bypassed easily.

He did mention some information about his password a few pages back. I tried asking a day or two ago if anyone was using password management software (Lastpass, Dashlane, 1Pass, etc.) as those would also be pretty immune to brute force.

The moment cjeremys2 mentioned he was affected, but his password is what it should be to be considered safe, that means that this isn't solely a password issue. It certainly could involve it with some people, but I feel the nature for which they've been taking XRP would be pretty consistent. So, it's probably worth skipping password assumptions and focusing on other ways that they obtained secret keys.

6 minutes ago, Xrylite said:

He did mention some information about his password a few pages back.

Yeah, he said: "Mine consists of 12 characters with few letters & number and special characters."

If this really has very good entropy (meaning: not chosen by a human) it should be barely enough - if it was chosen by a human it is likely not enough. Still much weaker than the secret it is supposed to protect by the way.

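The gap Sukrim describes in the two posts above, between what a strength meter reports and what a pattern-aware guesser has to search, worked through as an added example that is not part of the thread. The tiny wordlist, the `DICT_SIZE` figure, the cost model and the 128-bit value for the protected secret key are assumptions made for illustration, and the 12-character sample is constructed.

```python
import math

DICT_SIZE = 100_000   # assumed size of a guesser's wordlist
SECRET_BITS = 128     # assumed entropy of the secret key the password protects
COMMON_WORDS = {"password", "qwerty", "letmein", "welcome"}  # constructed stand-in
LEET = str.maketrans("0134@5$7", "oieaasst")
CHAR_BITS = math.log2(94)  # one printable-ASCII character chosen at random

def naive_bits(pw):
    """Charset size times length: what a simple strength meter reports."""
    pool = 26 * any(c.islower() for c in pw) + 26 * any(c.isupper() for c in pw) \
         + 10 * any(c.isdigit() for c in pw) + 32 * any(not c.isalnum() for c in pw)
    return len(pw) * math.log2(pool) if pool else 0.0

def word_len(pw, i):
    """Length of the longest mangled dictionary word starting at i, else 0."""
    for j in range(len(pw), i + 2, -1):
        if pw[i:j].lower().translate(LEET) in COMMON_WORDS:
            return j - i
    return 0

def run_len(pw, i):
    """Length of a repeated (aaa) or ascending (123) run starting at i."""
    if i + 1 >= len(pw) or ord(pw[i + 1]) - ord(pw[i]) not in (0, 1):
        return 1
    step, j = ord(pw[i + 1]) - ord(pw[i]), i + 1
    while j + 1 < len(pw) and ord(pw[j + 1]) - ord(pw[j]) == step:
        j += 1
    return j - i + 1

def pattern_bits(pw):
    """Search cost when words and runs are tried before raw characters."""
    bits, i = 0.0, 0
    while i < len(pw):
        w, r = word_len(pw, i), run_len(pw, i)
        if w:    # dictionary word; +2 bits assumed for case/leet variants
            bits, i = bits + math.log2(DICT_SIZE) + 2, i + w
        elif r >= 3:  # a run costs its first character plus its length
            bits, i = bits + CHAR_BITS + math.log2(r), i + r
        else:    # nothing recognisable: full cost of one random character
            bits, i = bits + CHAR_BITS, i + 1
    return bits

if __name__ == "__main__":
    # First two strings are quoted in the thread; the third is constructed.
    for pw in ("Passw0rd123456!!!", "password22@@", "k#9Tq!v2Lw&z"):
        print(f"{pw!r}: meter {naive_bits(pw):.0f} bits, pattern-aware "
              f"{pattern_bits(pw):.0f} bits, protected secret {SECRET_BITS} bits")
```

Only the string with no recognisable structure keeps its full meter score, and even that stays well below the assumed strength of the key it encrypts.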
32 minutes ago, Sukrim said:

Sure thing, please post the encrypted information publicly and I'll take a shot at it.

Humans are really terrible at choosing random passwords and computers are really terrible at measuring password strength. The string "Passw0rd123456!!!" probably would measure as extremely secure on most "how strong is your password?" algorithms, but it would probably be broken within minutes by a bruteforcing algorithm.

I've sent you a message for your leisure and that file is encrypted with my password on Gatehub.

Let me know how you get along with it.

1 hour ago, Sukrim said:

If this really has very good entropy (meaning: not chosen by a human) it should be barely enough - if it was chosen by a human it is likely not enough. Still much weaker than the secret it is supposed to protect by the way.

I agree that some passwords can be trash and still use numbers, letters, and special characters. For example, "password11!!" has shown up 54 times in the few breaches mentioned by HaveIBeenPwned. However, if their password is exclusively used for that one account and it doesn't show up as a password in any of the known password lists, I think it should be considered reasonably safe.

If you're the only one to use "password22@@", then you aren't going to be in a predefined list of passwords to brute force and check first, so it's going to take at least a bit longer unless the pattern in the brute forcing is designed in a way to try all variations from the known list that seem reasonably close. There are definitely a lot of "ifs", which is why I'd hope we can affirm if anyone used a diceware or password management software.

2 minutes ago, Raiden said:

I would like to thank the users that stressed other people to keep their funds out of exchanges, I transferred mine a couple of months ago.

Gatehub is not an exchange, it is a wallet provider and a gateway.

The exchange part is XRPL itself and you are accessing it through your wallet.

It is a good idea not to use closed source wallets though, since their back end implementation can't be publicly audited.

4 minutes ago, Pablo said:

I’m staggered the thefts are ongoing. Can’t they shut down withdrawals until this is resolved? Holy smokes.

They can't shut down withdrawals because they're not a holder of the wallet. It sounds like these thefts are because someone has access to not only the wallet, but the secret keys themselves. They could go into lockdown with APIs and logins if they felt it was still being abused right now, but it sounds like the consensus so far is that whoever has access to those items already has them locally.

So, truly the only safeguard when someone has your wallet and potentially your secret key is to re-key the wallet (I don't know the technical background of the steps or risks involved there) or to just transfer the money to a different wallet and consider that one useless (until you can re-key?).

The withdrawal disabling happens mainly with exchanges because they are the only ones with access to the secret key and you're just basically in control of some funds in their wallet via your account.

11 hours ago, orxan5000 said:

My XRPs gone to rHvWywQiexNeCLWTa9dBjHTMAtt6tPN7Z1. Please add this address to research or legislation report too

Following where that wallet has taken FROM, I find this wallet :-

https://bithomp.com/explorer/rEdUuLjBTKR5BnW4SJE3HDwEKntd11uR9M

Looks like the aforementioned wallet (rEdUuLjBTKR5BnW4SJE3HDwEKntd11uR9M) was emptied on 4th June - a little over 24 hours ago as I write.

It's a very confusing situation - IF what I have linked to is the scene of a crime, it seems like certain wallets (all XRP wallets?) still aren't secure on GateHub. 

 

Edited by 2ndtimearound

SHUT GATEHUB DOWN NOW!!!!!!

I have been around a while and was an early investor in XRP. I left some of my stack on Gatehub and it's all gone. They stole the last bit 40 minutes ago.

I am disgusted by the emails insinuating I was at fault for the GateHub breach and that I should contact local law enforcement as if that is going to help.

I went to Gatehub because it was recommended by some Ripple employees.

If Brad Garlinghouse and David Schwartz want mass adoption they should fire the Gatehub CEO immediately, shut down Gatehub, get to the bottom of all this and fix it.

Hopefully, Ripple will replace my XRP or Gatehub.  I am sick to my stomach!!!!

 

Going to be hard to sleep tonight!!!

49 minutes ago, Xrylite said:

So, truly the only safeguard when someone has your wallet and potentially your secret key is to re-key the wallet (I don't know the technical background of the steps or risks involved there) or to just transfer the money to a different wallet and consider that one useless (until you can re-key?).

It appears that someone/some group has got ahold of the secret keys or knows a way of generating them. So don't rekey. Just follow these 3 steps. It's safer than rekeying and the only disadvantage is that you'll need to leave behind the 20 XRP reserve in your old wallet.

1. Download Toast Wallet on your computer/mobile device

2. Create a new XRP Wallet Address in Toast. Make sure you remember your password in Toast and take a backup of your wallet.

3. Then transfer all your funds over to the new Toast Wallet.

Done.
