a few user reported their gatehub wallet been hacked and XRP sent to r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k

[XRPG 32]

At this point you'd think they would just shut it down.

 

[yxxyun 1,135]

Well, I think Toast Wallet didn't support trade on DEX/gateway.

[Harrryquartz 93]

12 hours ago, Mitty said:

I received this email from gatehub on the 11-04-2019. I am not sure if its related or not. But if it is it may go someways to prove they knew of potential risks yet missed the main attack route. I also find that fact that @FERforum had the exact same thing happen in 2017 and reported it to gatehub back then it is obvious that gatehub has dropped the ball. I am pretty sure i have read about other similar cases over the years. It's possible that the hackers have tested a few accounts previously and are  now hitting as many accounts as they can before they disappear. 

 

Dear GateHub user,

 

Between April 4 and 5, we discovered that an unknown perpetrator had used a large number of stolen email addresses that were circulating the web and was able to obtain the information whether the email is registered on our platform as well as wallet addresses associated with the aforementioned email address, via API call.

Appropriate measures have been taken to stop the perpetrator and prevent further action from their end.

We must inform you that no personal information had been accessed or obtained from our storage. Your personal information is securely stored and safe with us. We would also like to assure all GateHub customers that their funds are safe.

Involved email addresses were not obtained from GateHub.

The aforementioned API call is part of our infrastructure that allows customers to use an email address as a contact for sending funds.

We wanted to inform you of this occurrence to honour our commitment to transparency and customer service.

We would also like to take this opportunity to offer you advice on how to improve the security of your email account as well as the security of your GateHub account.

For your personal email account

Update your login password. Read more about it on our blog, here.

Set-up an additional layer of security on the email address (2-Factor Authentication, SMS validation, account activity notification,...). Read more about it on our blog, here.

For your GateHub account

Bookmark https://www.gatehub.net/ to avoid falling victim to phishing sites. It is also recommended to enable auto-update for your browser.

Update your GateHub login password.

Enable 2-Factor Authentication for your GateHub account and safely store the 2FA backup code ("Authentication key").

Consider changing your current GateHub account login email. Read more about it on our blog, here.

Always make sure your GateHub recovery key and other credentials (i.e. Ripple secret keys) are stored in a safe place (offline storage or paper copies).

Be mindful of any emails which request additional account information. GateHub will never ask you for your log-in credentials.

We strongly advise against saving your sensitive information in your email or any other online storage.

For any additional questions, please contact us through our customer support service, here.

 

Sincerely,
GateHub Team

If they sent it to you in April why didn’t they send it to all registered accounts. I’ve just checked and nothing from Gatehub on those dates. That could have saved everyone affected now. 

P.s Online chat @ Changelly have requested any specific information  can be sent to their support line below. They’ve also said they will be releasing a statement soon to update on what they are doing to help:

support@changelly.com 

 pro@changelly.com

[Julian_Williams 12,764]

58 minutes ago, JohnnyC said:

SHUT GATEHUB DOWN NOW!!!!!!

I have been around a while and was an early investor in XRP. I left some of my stack on Gatehub and its all gone. They stole the last bit 40 minutes ago.

I am disgusted by the emails insinuating I was at fault for the GateHub breach and that I should contact local law enforcement as if that is going to help.

I went to Gatehub because it was recommended by some Ripple employees.

If Brad Garlinghouse and David Schwartz want mass adoption they should fire the Gatehub CEO immediately, shutdown Gatehub, get to the bottom of all this and fix it.

Hopefully, Ripple will replace my XRP or Gatehub.  I am sick to my stomach!!!!

 

Going to be hard to sleep tonight!!!

I agree, Ripple/XRP are also in the frame for this, not legally but morally.  Ripple recommended Gatehub but they cannot publicly admit their responsibility for Gatehub's negligence.  If I were Brad I would be working to get this shambles shut down and starting the negotiations behind the scenes to reimburse the stolen  XRP, but it would have to be done in a way that Ripple were not seen to have admitted responsibility.

I am appalled and sorry for everyone who has seen their tokens stolen.   All the XRP I own are on Etoro, and I have not converted the tokens onto an Etoro wallet (as I have been planning).  Suddenly this does not look quite as stupid I used to think it was.    It seems the only safe way to hold XRP is in a cold wallet with the key nano stick in a fire proof vault.  The sort of organisation that is itself problematic.

I wish everyone who has money at Gatehub good luck.

Edited June 6, 2019 by Julian_Williams

[2ndtimearound 6,958]

1 hour ago, JohnnyC said:

SHUT GATEHUB DOWN NOW!!!!!!

I have been around a while and was an early investor in XRP. I left some of my stack on Gatehub and its all gone. They stole the last bit 40 minutes ago.

So the stealing is still on-going right up to now? GateHub should have - days ago - put out a major alert to all XRP wallet holders to open a new wallet and move their XRP to the new wallet ASAP. 

[2ndtimearound 6,958]

42 minutes ago, Julian_Williams said:

All the XRP I own are on Etoro, and I have not converted the tokens onto an Etoro wallet (as I have been planning).  Suddenly this does not look quite as stupid I used to think it was.    It seems the only safe way to hold XRP is in a cold wallet with the key nano stick in a fire proof vault.  The sort of organisation that is itself problematic.

Is it the case that you literally have positions open in eToro? I would get them onto the eToro wallet ASAP because I had trades close on their own sometimes with eToro even though they never hit stop loss or take profit.

[Julian_Williams 12,764]

15 minutes ago, 2ndtimearound said:

Is it the case that you literally have positions open in eToro? I would get them onto the eToro wallet ASAP because I had trades close on their own sometimes with eToro even though they never hit stop loss or take profit.

Yes, your advice is good,  I think it is time I did that and then put them on a nano or something.  I am not a technical guy and have been avoiding it.

Etoro is so easy and convenient that it becomes a bad habit! 

[2ndtimearound 6,958]

16 minutes ago, Julian_Williams said:

Yes, your advice is good,  I think it is time I did that and then put them on a nano or something.  I am not a technical guy and have been avoiding it.

Etoro is so easy and convenient that it becomes a bad habit! 

I have a soft spot for eToro as they put a lot of work into their interface and it's a great "gateway" into crypto.  If I were you I'd get a Nano S (or X, either one).  Once you have the Nano hardware wallet in your hands, download the Ledger Live app and move your XRP to a newly generated wallet via Ledger Live.  You can only ever send or receive XRP when your hardware wallet is plugged in to your computer and you've put in the PIN number of the device.  Yes, experiment with very tiny transactions to get the hang of it.

Edited June 6, 2019 by 2ndtimearound

[Guest]

29 minutes ago, 2ndtimearound said:

You can only ever send or receive XRP when your hardware wallet is plugged in to your computer and you've put in the PIN number of the device.

FYI: You can receive without the device plugged in. No authorization or authentication is required to receive. 

Edited June 6, 2019 by Guest

[JeffXRP 18]

I feel horribly for all that have lost their xrp.  The US legal system can offer you remedial relief to make you whole again.  You should collaborate and pursue legal action if you are not immediately reimbursed for your losses.  This entire situation smells of corporate negligence. 

[Xrylite 113]

14 minutes ago, LordVetinari said:

43 minutes ago, 2ndtimearound said:

You can only ever send or receive XRP when your hardware wallet is plugged in to your computer and you've put in the PIN number of the device.

FYI: You can receive without the device plugged in. No authorization or authentication is required to receive. 

Correct. Hardware wallets like the Ledger Nano S aren't anything more than a gated way to send XRP from your wallet. The wallet created on the Ledger Nano S never tells you the secret key, so it's practically impossible for anyone to steal from that wallet without one of two things: they either need your Ledger and need to know whatever simple passcode you use to unlock it; or they need to know your 24-word recovery phrase to be able to recover the wallet onto another device.

When you try to make a transaction to send XRP from that wallet, the Ledger is needed to affirm the transaction so that it actually processes the send using the secret key that only it has. To my knowledge, even malware on your computer isn't capable of stealing the secret key from the Ledger when connected since everything is "military-grade" encrypted.

7 minutes ago, JeffXRP said:

I feel horribly for all that have lost their xrp.  The US legal system can offer you remedial relief to make you whole again.  You should collaborate and pursue legal action if you are not immediately reimbursed for your losses.  This entire situation smells of corporate negligence. 

GateHub is based in London, so it's an international issue if it were to involve a legal system. Certainly still worth reporting, but it's not as simple if it comes down to finding GateHub negligent in some manner.

Edited June 6, 2019 by Xrylite

[JeffXRP 18]

6 minutes ago, Xrylite said:

 

GateHub is based in London, so it's an international issue if it were to involve a legal system. Certainly still worth reporting, but it's not as simple if it comes down to finding GateHub negligent in some manner.

 

 

GateHub seems to have sufficient contacts in the US  for both civil and criminal jurisdiction under a variety of US statutes.  And UK cooperates with US authorities. 

 

Edited June 6, 2019 by JeffXRP

[2ndtimearound 6,958]

21 minutes ago, LordVetinari said:

FYI: You can receive without the device plugged in. No authorization or authentication is required to receive. 

Ah yes, that's silly of me to say receive....but sending, you have to physically click a button on the hardware wallet to confirm a send.

[JeffXRP 18]

My point here is that for those of you that have losses, some very significant, don’t sit idle if the company does not make you whole. Crypto needs this type of responsibility before it can more forward.  

[iLeeT 2,538]

4 hours ago, Pablo said:

I’m staggered the thefts are ongoing. Can’t they shut down withdrawals until this is resolved? Holy smokes.

They can't, but at the very least they should've sent out emails to everyone warning them that they could become a victim of a hack, especially when this thing is still ongoing. It's absurd really, I can't imagine anyone trusting them ever again.