yxxyun

A few users reported their Gatehub wallets were hacked and XRP sent to r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k


5 hours ago, Silkjaer said:

A few comments to previous posts:

- Targeted wallets are as new as 2018 so far.

- API is likely Gatehub's internal API (the browser makes API calls while using the site). Getting access to a database with access tokens sounds strange though – makes you wonder what kind of other information the database contained 🤔. In any case, perps would’ve been able to connect access tokens with account addresses somehow.

Yeah, maybe the access to the database was via malware, like what happened to Bitstamp

https://www.coindesk.com/unconfirmed-report-5-million-bitstamp-bitcoin-exchange


There are quite some people who run validators here. Do you guys keep logs? 

It doesn't look like they used Gatehub to transfer the money. Gatehub normally stores a memo but their transaction is clean, there's no additional info there. So my guess is that while stealing the funds, they probably connected to one of the public rippled servers to submit their transaction. If there are logs, you could get an IP for the fraudulent transactions. If they used their own rippled instance, maybe it's possible to see which IP proposed the transaction first?

Just an idea :)

2 hours ago, Marvxrp said:

Maybe it's an exit scam. They slowly gather all coins and run ...

Sorry but that's some ******** and fearmongering right there. Even if it was true, why steal from the highly visible Ripple accounts instead of their Gatehub hosted ones?

1 hour ago, fluxw42 said:

It doesn't look like they used Gatehub to transfer the money. Gatehub normally stores a memo but their transaction is clean, there's no additional info there. So my guess is that while stealing the funds, they probably connected to one of the public rippled servers to submit their transaction. If there are logs, you could get an IP for the fraudulent transactions. If they used their own rippled instance, maybe it's possible to see which IP proposed the transaction first?

If they had access to their access token by compromising the db then they would have used GH's API (since the access token is only valid within GH) and that should be in their logs. If GH has no entries in the logs that would indicate that they had the secret key and that would have allowed them to use the ripple ledger directly.

4 minutes ago, crypto2libertas said:

If they had access to their access token by compromising the db then they would have used GH's API (since the access token is only valid within GH) and that should be in their logs. If GH has no entries in the logs that would indicate that they had the secret key and that would have allowed them to use the ripple ledger directly.

But the secret keys are encrypted.

1 minute ago, crypto2libertas said:

correct so they must have some data in their log files then :)

The access token was disabled on 1st June but wallets are still draining.

Most likely the thieves got hold of the public and secret keys. But how on earth do they manage to decrypt 178 keys in such a short time?

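The triage reasoning from the posts above (memo present or not, payment before or after the access tokens were disabled), as an added example that is not part of the thread and not Gatehub's code. The sample transactions, hashes, sender addresses, the year of the cutoff and the verdict names are constructed or hypothetical; the memo expectation is the posters' own hypothesis.

```python
from datetime import datetime, timezone

RIPPLE_EPOCH = 946684800  # XRPL "date" field counts seconds since 2000-01-01 UTC


def to_ripple_time(dt):
    """Convert an aware datetime to the ledger's "date" value."""
    return int(dt.timestamp()) - RIPPLE_EPOCH


def triage(tx, watched_dest, token_revoked_at):
    """Classify one XRPL transaction dict; None if not a payment to watched_dest."""
    if tx.get("TransactionType") != "Payment" or tx.get("Destination") != watched_dest:
        return None
    when = datetime.fromtimestamp(tx["date"] + RIPPLE_EPOCH, tz=timezone.utc)
    has_memo = bool(tx.get("Memos"))
    if when >= token_revoked_at:
        # Tokens no longer work, so the transaction was signed with the key itself.
        verdict = "KEY_EXPOSURE_LIKELY"
    elif not has_memo:
        # No wallet memo: token abuse would still leave entries in the API logs.
        verdict = "CHECK_API_LOGS"
    else:
        verdict = "NORMAL_PATTERN"
    return {"hash": tx["hash"], "time": when.isoformat(),
            "has_memo": has_memo, "verdict": verdict}


WATCHED = "r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k"       # address reported in the thread
REVOKED = datetime(2019, 6, 1, tzinfo=timezone.utc)  # "1st June"; the year is assumed


def sample(hash_, dest, dt, memos=None):
    """Build a constructed transaction for the demo (not real ledger data)."""
    tx = {"hash": hash_, "TransactionType": "Payment", "Account": "rCONSTRUCTED_SENDER",
          "Destination": dest, "date": to_ripple_time(dt)}
    if memos:
        tx["Memos"] = memos
    return tx


SAMPLES = [
    sample("CONSTRUCTED_A", WATCHED, datetime(2019, 5, 30, 8, 0, tzinfo=timezone.utc),
           [{"Memo": {"MemoData": "636F6E737472756374"}}]),
    sample("CONSTRUCTED_B", WATCHED, datetime(2019, 5, 31, 9, 0, tzinfo=timezone.utc)),
    sample("CONSTRUCTED_C", WATCHED, datetime(2019, 6, 2, 10, 0, tzinfo=timezone.utc)),
    sample("CONSTRUCTED_D", "rCONSTRUCTED_OTHER", datetime(2019, 6, 2, 11, 0, tzinfo=timezone.utc)),
]

if __name__ == "__main__":
    for tx in SAMPLES:
        print(triage(tx, WATCHED, REVOKED))
```

A "KEY_EXPOSURE_LIKELY" verdict only says the payment could not have depended on an access token; it does not show how the key was obtained.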
4 minutes ago, jlripple said:

Most likely the thieves got hold of the public and secret keys. But how on earth do they manage to decrypt 178 keys in such a short time?

I guess GH must have used weak encryption for the secret keys. Disappointing if true.

8 minutes ago, Geekluca said:

We (victims) should keep the pressure high on @gatehub. This post should NOT cool down.

Binance refunded the victims within a week. These guys didn’t even admit responsibility yet. Shame on you gatehub.

They need to publicly announce their investigations, no news yet.

2 minutes ago, jlripple said:

They need to publicly announce their investigations, no news yet.

Good point @jlripple. If I remember correctly, you were one of the first to share that you are one of the victims....

I am assuming you are one of the chat members in the privately coordinated sub-chat...

I know you were a bit frazzled judging by your first post here (and understandably)... do you feel any better now after communicating within the private chat?

Or do you have an equal or less pessimistic stance?

15 minutes ago, EcneitapLatnem said:

Good point @jlripple. If I remember correctly, you were one of the first to share that you are one of the victims....

I am assuming you are one of the chat members in the privately coordinated sub-chat...

I know you were a bit frazzled judging by your first post here (and understandably)... do you feel any better now after communicating within the private chat?

Or do you have an equal or less pessimistic stance?

I try not to think too much about it, really hurts.
