Jump to content
yxxyun

a few user reported their gatehub wallet been hacked and XRP sent to r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k

Recommended Posts

Do we have any additional information regarding why certain Gatehub wallets were hacked (or able to be hacked) and others not?

It seems like many of the accounts were migrated from RippleTrade to Gatehub.  Is that the case with all hacked accounts?

Gatehub offers a "master key" option for customers to get into the account (I believe it's for when the customer forgets the password or when the customer can't get into the account because the customer switches phones and forgets to properly transition 2FA over to the new phone).  Did all the hacked accounts have a master key which enabled entry into the accounts?

I would think that by now Gatehub would have a pretty good idea of which features or circumstances are the same for the hacked wallets, but Gatehub doesn't seem to be sharing this information with its customers and the community.

Share this post


Link to post
Share on other sites
Guest
2 minutes ago, Alluvial said:

Do we have any additional information regarding why certain Gatehub wallets were hacked (or able to be hacked) and others not?

It seems like many of the accounts were migrated from RippleTrade to Gatehub.  Is that the case with all hacked accounts?

Gatehub offers a "master key" option for customers to get into the account (I believe it's for when the customer forgets the password or when the customer can't get into the account because the customer switches phones and forgets to properly transition 2FA over to the new phone).  Did all the hacked accounts have a master key which enabled entry into the accounts?

I would think that by now Gatehub would have a pretty good idea of which features or circumstances are the same for the hacked wallets, but Gatehub doesn't seem to be sharing this information with its customers and the community.

I would hope there's a reason for this behind the scenes and that everyone is fully compensated eventually. 

Share this post


Link to post
Share on other sites

We need @gatehub to open their code.

It's clearly their fault in the migration process, or some of the databases.

What do you mean you saw an increased number of API calls? Which API? Rippled API? I don't see how that can be used to infer secret keys from your private database.

Share this post


Link to post
Share on other sites

And please, do not move your funds to gatehub hosted wallets. At this point everything from gatehub is not safe.

  • Create a new account on the ledger
  • Transfer all funds there

It will cost 20XRP but it's better than losing tens of thousands or more.

Share this post


Link to post
Share on other sites
Posted (edited)
11 minutes ago, tulo said:

And please, do not move your funds to gatehub hosted wallets. At this point everything from gatehub is not safe.

  • Create a new account on the ledger
  • Transfer all funds there

It will cost 20XRP but it's better than losing tens of thousands or more.

I posted this earlier 

I had created multiple wallets on Gatehub. Only one wallet was hacked and that was my original and only hosted wallet created in 2016. Did anyone else have multiple wallets on Gatehub ? If hackers had gained access through log in credentials why would they not hack all the wallets? Other wallets also HAD ( since moved) substantial amounts as well.

Edited by Jillian
correction

Share this post


Link to post
Share on other sites
1 hour ago, Jillian said:

I posted this earlier 

I had created multiple wallets on Gatehub. Only one wallet was hacked and that was my original and only hosted wallet created in 2016. Did anyone else have multiple wallets on Gatehub ? If hackers had gained access through log in credentials why would they not hack all the wallets? Other wallets also HAD ( since moved) substantial amounts as well.

Just wanted to share, that my Wallet is from 2016 too, maybe it has something to do with the migration ( I cant remember i did this, but its long )

Share this post


Link to post
Share on other sites
1 hour ago, Jillian said:

Only one wallet was hacked and that was my original and only hosted wallet created in 2016.

Can you please confirm whether it was a hosted wallet or a "Ripple" wallet? Hosted wallets are those where Gatehub pools your XRP with other users' XRP and assigns you a destination tag. I don't think there have been other reports of hosted wallets being compromised?

It doesn't seem like the attacker gained access to account credentials, just encrypted secret keys.

Share this post


Link to post
Share on other sites
10 minutes ago, at3n said:

Can you please confirm whether it was a hosted wallet or a "Ripple" wallet? Hosted wallets are those where Gatehub pools your XRP with other users' XRP and assigns you a destination tag. I don't think there have been other reports of hosted wallets being compromised?

It doesn't seem like the attacker gained access to account credentials, just encrypted secret keys.

I was not required to use a destination tag but did have a secret key.  

Share this post


Link to post
Share on other sites
15 minutes ago, Marvxrp said:

Just wanted to share, that my Wallet is from 2016 too, maybe it has something to do with the migration ( I cant remember i did this, but its long )

Yes my wallet also created in July 2016. Unfortunately that was the wallet that contained a large amount of my original deposits.   When I first started at gatehub I was not familiar with what I was doing

Share this post


Link to post
Share on other sites

A few comments to previous posts:

- Targeted wallets are as new as 2018 so far.

- API is likely Gatehubs internal API (the browser makes API calls while using the site). Getting access to a database with access tokens sounds strange though – makes you wonder what kind of other information the database contained 🤔. In any case, perps would’ve been able to connect access tokens with account addresses somehow.

Share this post


Link to post
Share on other sites

I wonder how close gatehub may be to possibly catching the party/parties involved....

If they are not close and need help, it might be a good time to offer a reward to anybody with information that leads to their capture....

I think more companies that fall victim to hackings of crypto assets should go that route.... even the best of friends will turn if the price is right....

Share this post


Link to post
Share on other sites
15 minutes ago, crypto2libertas said:

I wonder if GH will survive this. They might shut the gates over this. It wouldn't surprise me

Maybe its an Exit Scam. They gather slowly all Coins and run ...

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...