Jump to content

a few user reported their gatehub wallet been hacked and XRP sent to r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k


Recommended Posts

  • Replies 1.2k
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Popular Posts

On June 1 we were made aware of a theft of 201,000 XRP (transaction F6E9E1385E11649A6C2F88723A821AF209B54030886539DCEF9DDD00E6446948) and immediately started investigation. It turned out that the acco

Reminder: There is no direct evidence pointing to Gatehub being responsible even though it may appear as the most likely scenario right now. Just be careful about jumping to conclusions What you c

Hey all! We are aware of the matter and are looking into it. If anyone has any information please contact us at: security@gatehub.net   GateHub

Posted Images

12 hours ago, Mitty said:

I received this email from gatehub on the 11-04-2019. I am not sure if its related or not. But if it is it may go someways to prove they knew of potential risks yet missed the main attack route. I also find that fact that @FERforum had the exact same thing happen in 2017 and reported it to gatehub back then it is obvious that gatehub has dropped the ball. I am pretty sure i have read about other similar cases over the years. It's possible that the hackers have tested a few accounts previously and are  now hitting as many accounts as they can before they disappear. 


 

Dear GateHub user,

 

Between April 4 and 5, we discovered that an unknown perpetrator had used a large number of stolen email addresses that were circulating the web and was able to obtain the information whether the email is registered on our platform as well as wallet addresses associated with the aforementioned email address, via API call.

Appropriate measures have been taken to stop the perpetrator and prevent further action from their end.

We must inform you that no personal information had been accessed or obtained from our storage. Your personal information is securely stored and safe with us. We would also like to assure all GateHub customers that their funds are safe.

Involved email addresses were not obtained from GateHub.

The aforementioned API call is part of our infrastructure that allows customers to use an email address as a contact for sending funds.

We wanted to inform you of this occurrence to honour our commitment to transparency and customer service.

We would also like to take this opportunity to offer you advice on how to improve the security of your email account as well as the security of your GateHub account.

For your personal email account

Update your login password. Read more about it on our blog, here.

Set-up an additional layer of security on the email address (2-Factor Authentication, SMS validation, account activity notification,...). Read more about it on our blog, here.

For your GateHub account

Bookmark https://www.gatehub.net/ to avoid falling victim to phishing sites. It is also recommended to enable auto-update for your browser.

Update your GateHub login password.

Enable 2-Factor Authentication for your GateHub account and safely store the 2FA backup code ("Authentication key").

Consider changing your current GateHub account login email. Read more about it on our blog, here.

Always make sure your GateHub recovery key and other credentials (i.e. Ripple secret keys) are stored in a safe place (offline storage or paper copies).

Be mindful of any emails which request additional account information. GateHub will never ask you for your log-in credentials.

We strongly advise against saving your sensitive information in your email or any other online storage.

For any additional questions, please contact us through our customer support service, here.

 

Sincerely,
GateHub Team

If they sent it to you in April why didn’t they send it to all registered accounts. I’ve just checked and nothing from Gatehub on those dates. That could have saved everyone affected now. 

P.s Online chat @ Changelly have requested any specific information  can be sent to their support line below. They’ve also said they will be releasing a statement soon to update on what they are doing to help:

support@changelly.com 

 pro@changelly.com

Link to post
Share on other sites
58 minutes ago, JohnnyC said:

SHUT GATEHUB DOWN NOW!!!!!!

I have been around a while and was an early investor in XRP. I left some of my stack on Gatehub and its all gone. They stole the last bit 40 minutes ago.

I am disgusted by the emails insinuating I was at fault for the GateHub breach and that I should contact local law enforcement as if that is going to help.

I went to Gatehub because it was recommended by some Ripple employees.

If Brad Garlinghouse and David Schwartz want mass adoption they should fire the Gatehub CEO immediately, shutdown Gatehub, get to the bottom of all this and fix it.

Hopefully, Ripple will replace my XRP or Gatehub.  I am sick to my stomach!!!!

 

Going to be hard to sleep tonight!!!

I agree, Ripple/XRP are also in the frame for this, not legally but morally.  Ripple recommended Gatehub but they cannot publicly admit their responsibility for Gatehub's negligence.  If I were Brad I would be working to get this shambles shut down and starting the negotiations behind the scenes to reimburse the stolen  XRP, but it would have to be done in a way that Ripple were not seen to have admitted responsibility.

I am appalled and sorry for everyone who has seen their tokens stolen.   All the XRP I own are on Etoro, and I have not converted the tokens onto an Etoro wallet (as I have been planning).  Suddenly this does not look quite as stupid I used to think it was.    It seems the only safe way to hold XRP is in a cold wallet with the key nano stick in a fire proof vault.  The sort of organisation that is itself problematic.

I wish everyone who has money at Gatehub good luck.

Edited by Julian_Williams
Link to post
Share on other sites
1 hour ago, JohnnyC said:

SHUT GATEHUB DOWN NOW!!!!!!

I have been around a while and was an early investor in XRP. I left some of my stack on Gatehub and its all gone. They stole the last bit 40 minutes ago.

So the stealing is still on-going right up to now? GateHub should have - days ago - put out a major alert to all XRP wallet holders to open a new wallet and move their XRP to the new wallet ASAP. 

Link to post
Share on other sites
42 minutes ago, Julian_Williams said:

All the XRP I own are on Etoro, and I have not converted the tokens onto an Etoro wallet (as I have been planning).  Suddenly this does not look quite as stupid I used to think it was.    It seems the only safe way to hold XRP is in a cold wallet with the key nano stick in a fire proof vault.  The sort of organisation that is itself problematic.

Is it the case that you literally have positions open in eToro? I would get them onto the eToro wallet ASAP because I had trades close on their own sometimes with eToro even though they never hit stop loss or take profit.

Link to post
Share on other sites
15 minutes ago, 2ndtimearound said:

Is it the case that you literally have positions open in eToro? I would get them onto the eToro wallet ASAP because I had trades close on their own sometimes with eToro even though they never hit stop loss or take profit.

Yes, your advice is good,  I think it is time I did that and then put them on a nano or something.  I am not a technical guy and have been avoiding it.

Etoro is so easy and convenient that it becomes a bad habit! 

Link to post
Share on other sites
16 minutes ago, Julian_Williams said:

Yes, your advice is good,  I think it is time I did that and then put them on a nano or something.  I am not a technical guy and have been avoiding it.

Etoro is so easy and convenient that it becomes a bad habit! 

I have a soft spot for eToro as they put a lot of work into their interface and it's a great "gateway" into crypto.  If I were you I'd get a Nano S (or X, either one).  Once you have the Nano hardware wallet in your hands, download the Ledger Live app and move your XRP to a newly generated wallet via Ledger Live.  You can only ever send or receive XRP when your hardware wallet is plugged in to your computer and you've put in the PIN number of the device.  Yes, experiment with very tiny transactions to get the hang of it.

Edited by 2ndtimearound
Link to post
Share on other sites
29 minutes ago, 2ndtimearound said:

You can only ever send or receive XRP when your hardware wallet is plugged in to your computer and you've put in the PIN number of the device.

FYI: You can receive without the device plugged in. No authorization or authentication is required to receive. 

Edited by Guest
Link to post
Share on other sites
14 minutes ago, LordVetinari said:
43 minutes ago, 2ndtimearound said:

You can only ever send or receive XRP when your hardware wallet is plugged in to your computer and you've put in the PIN number of the device.

FYI: You can receive without the device plugged in. No authorization or authentication is required to receive. 

Correct. Hardware wallets like the Ledger Nano S aren't anything more than a gated way to send XRP from your wallet. The wallet created on the Ledger Nano S never tells you the secret key, so it's practically impossible for anyone to steal from that wallet without one of two things: they either need your Ledger and need to know whatever simple passcode you use to unlock it; or they need to know your 24-word recovery phrase to be able to recover the wallet onto another device.

When you try to make a transaction to send XRP from that wallet, the Ledger is needed to affirm the transaction so that it actually processes the send using the secret key that only it has. To my knowledge, even malware on your computer isn't capable of stealing the secret key from the Ledger when connected since everything is "military-grade" encrypted.

7 minutes ago, JeffXRP said:

I feel horribly for all that have lost their xrp.  The US legal system can offer you remedial relief to make you whole again.  You should collaborate and pursue legal action if you are not immediately reimbursed for your losses.  This entire situation smells of corporate negligence. 

GateHub is based in London, so it's an international issue if it were to involve a legal system. Certainly still worth reporting, but it's not as simple if it comes down to finding GateHub negligent in some manner.

Edited by Xrylite
Link to post
Share on other sites
6 minutes ago, Xrylite said:

 

GateHub is based in London, so it's an international issue if it were to involve a legal system. Certainly still worth reporting, but it's not as simple if it comes down to finding GateHub negligent in some manner.

 

 

GateHub seems to have sufficient contacts in the US  for both civil and criminal jurisdiction under a variety of US statutes.  And UK cooperates with US authorities. 

 

Edited by JeffXRP
Link to post
Share on other sites
4 hours ago, Pablo said:

I’m staggered the thefts are ongoing. Can’t they shut down withdrawals until this is resolved? Holy smokes.

They can't, but at the very least they should've sent out emails to everyone warning them that they could become a victim of a hack, especially when this thing is still ongoing. It's absurd really, I can't imagine anyone trusting them ever again. 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.