yxxyun

A few users reported that their GateHub wallets had been hacked and XRP sent to r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k


Likely only the secret key is stored in encrypted form, but looking at session data, “personally identifiable information” such as email addresses is also stored and accessible with the API.


We've been contacted by a victim of June 27, so while we thought that the perpetrators were done this was a cue to look into movements to see if there were other thefts we didn't know about. 

Perpetrators have changed tactics and we have been able to identify several thefts, the latest being July 7, and the stolen amount is now close to 26M.

We've been contacted by a victim of June 27, so while we thought that the perpetrators were done this was a cue to look into movements to see if there were other thefts we didn't know about. 
Perpetrators have changed tactics and we have been able to identify several thefts, the latest being July 7, and the stolen amount is now close to 26M.

What do you mean by changing tactics? In what sense have they changed?

40 minutes ago, kanaas said:


What do you mean by changing tactics? In what sense have they changed?

Not sending funds around much, changing accounts quite often, etc. So only slight changes in how they operate.

On 7/8/2019 at 8:15 AM, mrenne said:

Yes, and sometimes the person responsible for keeping the car keys is responsible if the car gets stolen. It just depends on legislation and situation. That's why I asked if the person that came with such a blanket statement was a specialist or not. If not, his answer is quite useless.

Don't know how that legally translates, but there is a fundamental difference between cars/car keys and cryptoassets/secrets. The first can become physically separated, which means that the holder of the keys de facto cannot be responsible for the state of the car nor for the theft of the car, unless that car is placed in an environment that's under his full control (private parking lot, garage). With crypto one can say that the asset is virtually tied to, and even is part of, the keys and is therefore under full control of the key holder(s). One could say that encryption may separate the keys from the asset, but I think that's a weak argument and, as said, I've no idea how this translates to different laws and jurisdictions... We might soon (?) find out, I guess...

Edited by kanaas

16 hours ago, mrenne said:

Now I am wondering, are there still xrpchat members that are keeping their funds at GateHub?

For me, only small wallets that I use for testing; I still like the user interface and the simplicity of having someone else look after multiple sets of keys for you. 

But it would mean nothing to me if it was stolen. Haven't kept serious amounts on there since 2017.


GateHub have just released this information at the conclusion of the initial investigation:

Our Security Team has concluded the first phase of an extensive forensic investigation into the recent cyber attack on GateHub. A public statement with more information will be published on our blog soon. We have identified the accounts that were targeted in this attack and the information that was compromised.

According to our records, the perpetrator gained unauthorized access to the following information:

Email

Hashed password

Hashed recovery key

Encrypted XRP ledger wallets secret keys (non-deleted wallets only)

First name (if provided)

Last name (if provided)

The perpetrator did not gain access to the following information:

Phone number

Address

Nationality

Citizenship

ID document(s)

Proof of residence document(s)

Date of birth

Place of birth

Any other information not included in the first list

Edited by Harrryquartz

1 hour ago, Harrryquartz said:

GateHub have just released this information at the conclusion of the initial investigation:

Our Security Team has concluded the first phase of an extensive forensic investigation into the recent cyber attack on GateHub. A public statement with more information will be published on our blog soon. We have identified the accounts that were targeted in this attack and the information that was compromised.

According to our records, the perpetrator gained unauthorized access to the following information:

Email

Hashed password

Hashed recovery key

Encrypted XRP ledger wallets secret keys (non-deleted wallets only)

First name (if provided)

Last name (if provided)

The perpetrator did not gain access to the following information:

Phone number

Address

Nationality

Citizenship

ID document(s)

Proof of residence document(s)

Date of birth

Place of birth

Any other information not included in the first list

Thank you so much for sharing the information!

First phase? How many phases are needed?

For some reason I am still not receiving any emails from GateHub except for the new device confirmations. I will be sure to store the recovery key in a safe place so I can protect the 45 XRP I have remaining because I have nothing left.

 

8 minutes ago, kanaas said:

All I can say @gatehub is that, whatever phase they will go through, the only phase all victims want to happen is the phase of complete refunding. They may say, and even have the law on their side on it, that they cannot take responsibility because the funds were not in their wallets and that they were just controlling (losing) the keys; fact is that they WILL go bust by any other decision than refunding all the reported losses.

A trusted gateway means you trust them to guard all the funds by lending them the keys. If they do not refund, nobody will trust them anymore, not even to hold you one single XRP for more than a minute... Refund or die... simple as that!

I definitely agree. I think all of us who are victims and lost ridiculous amounts of money have been extremely patient. At least try and get some of the funds that were frozen distributed. I am so over this crap now.
