Jillian, posted July 11, 2019:

1 hour ago, Harrryquartz said:

> Gatehub have just released this information at conclusion of initial investigation:
>
> Our Security Team has concluded the first phase of an extensive forensic investigation into the recent cyber attack on GateHub. A public statement with more information will be published on our blog soon. We have identified the accounts that were targeted in this attack and the information that was compromised.
>
> According to our records, the perpetrator gained unauthorized access to the following information:
>
> · Email
> · Hashed password
> · Hashed recovery key
> · Encrypted XRP ledger wallets secret keys (non-deleted wallets only)
> · First name (if provided)
> · Last name (if provided)
>
> The perpetrator did not gain access to the following information:
>
> · Phone number
> · Address
> · Nationality
> · Citizenship
> · ID document(s)
> · Proof of residence document(s)
> · Date of birth
> · Place of birth
> · Any other information not included in the first list

Thank you so much for sharing the information! First phase? How many phases are needed? For some reason I am still not receiving any emails from Gatehub except for the new device confirmations. I will be sure to store the recovery key in a safe place so I can protect the 45 XRP I have remaining because I have nothing left.

kanaas, posted July 11, 2019:

1 hour ago, Jillian said:

> Thank you so much for sharing the information! First phase? How many phases are needed? For some reason I am still not receiving any emails from Gatehub except for the new device confirmations. I will be sure to store the recovery key in a safe place so I can protect the 45 XRP I have remaining because I have nothing left.

All I can say @gatehub is that, whatever phase they will go through, the only phase all victims want to happen is the phase of complete refunding. They may say, and even have the law on their side on it, that they cannot take responsibility because the funds were not in their wallets and that they were just controlling (losing) the keys, fact is that they WILL go bust by any other decision about refunding all the reported losses. A trusted gateway means you trust them to guard all the funds by lending them the keys. If they do not refund, nobody will trust them anymore, not even to hold you one single XRP for more than a minute....

Refund or die.... simple as that!

Jillian, posted July 11, 2019:

8 minutes ago, kanaas said:

> All I can say @gatehub is that, whatever phase they will go through, the only phase all victims want to happen is the phase of complete refunding. They may say, and even have the law on their side on it, that they cannot take responsibility because the funds were not in their wallets and that they were just controlling (losing) the keys, fact is that they WILL go bust by any other decision about refunding all the reported losses. A trusted gateway means you trust them to guard all the funds by lending them the keys. If they do not refund, nobody will trust them anymore, not even to hold you one single XRP for more than a minute....
>
> Refund or die.... simple as that!

I definitely agree, I think all of us who are victims and lost ridiculous amounts of money have been extremely patient. At least try and get some of the funds that were frozen distributed. I am so over this crap now.

at3n, posted July 11, 2019:

6 hours ago, Harrryquartz said:

> · Email
> · Hashed password
> · Hashed recovery key
> · Encrypted XRP ledger wallets secret keys (non-deleted wallets only)
> · First name (if provided)
> · Last name (if provided)

So, speculation... Break the hashed password (was it salted?), potentially with the help of purchased password databases from past data breaches (find other passwords linked to the same email), then use the password to decrypt the key?

jlripple, posted July 12, 2019:

1 hour ago, at3n said:

> So, speculation... Break the hashed password (was it salted?), potentially with the help of purchased password databases from past data breaches (find other passwords linked to the same email), then use the password to decrypt the key?

Where's the announcement? Via email?

Harrryquartz, posted July 12, 2019:

6 hours ago, jlripple said:

> Where's the announcement? Via email?

According to Gatehub they are emailing affected users and updating their website blog shortly.

jlripple, posted July 13, 2019:

Latest hack: https://asia.nikkei.com/Spotlight/Bitcoin-evolution/Hackers-snatch-32m-from-Japan-cryptocurrency-exchange-Bitpoint

Swift and transparent, users compensated. Lousy gatehub.

Sukrim, posted July 14, 2019:

The next question I'd have would be about the exact mechanism of hashing and encryption that was used. This can range from negligent up to "well, users chose bad passwords".

NightJanitor, posted July 14, 2019:

15 hours ago, Sukrim said:

> The next question I'd have would be about the exact mechanism of hashing and encryption that was used. This can range from negligent up to "well, users chose bad passwords".

That's a good engineering question. My question would be about the timing, based solely upon someone posting way back in this thread that GateHub had recently hired a new security firm to do an audit. If that's true, then some new people just recently got access to their systems to do a code review (or some older people got nervous when they found things were about to get tighter)? That was the clue-iest thing I saw in this thread. Though, GateHub *could* have had longer knowledge of the breach and hired the team after the fact, without saying anything.

jlripple, posted July 15, 2019:

my take is someone got hold of the code to decrypt the hashed password then in turn decrypt the secret keys.

how can the hacker gain access to:

· Email
· Hashed password
· Hashed recovery key
· Encrypted XRP ledger wallets secret keys (non-deleted wallets only)

by means of access tokens even if users are not logged in.

at3n, posted July 15, 2019:

1 hour ago, jlripple said:

> my take is someone got hold of the code to decrypt the hashed password then in turn decrypt the secret keys.

There is no code to decrypt a hash, by design it's not reversible, even if you know the algorithm used to create the hash. To crack it you need some sort of brute force method, of which there are a number available depending on how the hashing was implemented. Hashes created from long complex passwords are effectively impossible to crack if implemented properly.

1 hour ago, jlripple said:

> how can the hacker gain access to:
>
> · Email
> · Hashed password
> · Hashed recovery key
> · Encrypted XRP ledger wallets secret keys (non-deleted wallets only)
>
> by means of access tokens even if users are not logged in.

That's the million dollar question... Seems to be through an API exploit, but we don't know what exactly that was. Would assume it was some sort of bug in the API code anyway, to hand out access tokens to improperly authenticated users, or to grant inappropriate permissions to users who were authenticated under a different account.

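The salting question raised in at3n's posts above, as an added example that is not part of the thread and not GateHub's code (nothing here reflects how GateHub actually stored passwords): a Python sketch of the storage side, contrasting a fast unsalted digest with a per-user salt and a memory-hard KDF. The account names, the password and the scrypt parameters are constructed assumptions.

```python
from __future__ import annotations

import hashlib
import hmac
import os

# Constructed sample accounts (not from the incident): two users who
# happen to pick the same password.
ACCOUNTS = {"alice@example.com": "Summer2019", "bob@example.com": "Summer2019"}

# scrypt cost parameters (assumed values for this sketch; tune per hardware).
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)

def unsalted_record(password: str) -> bytes:
    """Weak storage: one fast, unsalted SHA-256 digest."""
    return hashlib.sha256(password.encode()).digest()

def salted_record(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Stronger storage: per-user random salt plus a memory-hard KDF."""
    salt = os.urandom(16) if salt is None else salt
    return salt, hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)

def verify(password: str, salt: bytes, stored: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = salted_record(password, salt)
    return hmac.compare_digest(candidate, stored)

def shared_digests(records: dict[str, bytes]) -> int:
    """Count accounts whose stored digest also appears on another account."""
    values = list(records.values())
    return sum(1 for v in values if values.count(v) > 1)

def demo() -> dict[str, int]:
    # Unsalted: equal passwords give equal digests, so one guess (or one
    # precomputed table entry) covers every account that reused it.
    weak = {u: unsalted_record(p) for u, p in ACCOUNTS.items()}
    # Salted: every record differs, so each account costs its own KDF runs.
    strong = {u: salted_record(p)[1] for u, p in ACCOUNTS.items()}
    return {"unsalted_shared": shared_digests(weak),
            "salted_shared": shared_digests(strong)}

if __name__ == "__main__":
    print(demo())
```
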
jlripple, posted July 16, 2019:

20 hours ago, at3n said:

> There is no code to decrypt a hash, by design it's not reversible, even if you know the algorithm used to create the hash. To crack it you need some sort of brute force method, of which there are a number available depending on how the hashing was implemented. Hashes created from long complex passwords are effectively impossible to crack if implemented properly.
>
> That's the million dollar question... Seems to be through an API exploit, but we don't know what exactly that was. Would assume it was some sort of bug in the API code anyway, to hand out access tokens to improperly authenticated users, or to grant inappropriate permissions to users who were authenticated under a different account.

yes but how does 500+ accounts get decrypted in such a short period of time? including accounts with small balance which if i were the hacker i will not be bothered due to the time and effort needed.

Selective, posted July 16, 2019:

3 hours ago, jlripple said:

> yes but how does 500+ accounts get decrypted in such a short period of time? including accounts with small balance which if i were the hacker i will not be bothered due to the time and effort needed.

All the ripple hacks this month raises a lot of questions, I'm wondering if ripple mainnet has a flaw.

jlripple, posted July 16, 2019:

It's coming to two months yet to get the official final announcement. This is gatehub true colors guys.

tulo, posted July 16, 2019:

4 hours ago, Selective said:

> All the ripple hacks this month raises a lot of questions, I'm wondering if ripple mainnet has a flaw.

This has nothing to do with mainnet, otherwise we'd have seen hacked accounts that were not stored by gatehub.

@all the people hacked: did you have a relatively easy password (less than 6 characters) on gatehub?