Jump to content
yxxyun

a few user reported their gatehub wallet been hacked and XRP sent to r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k

Recommended Posts

Would it make any difference to start a class action with a lawyer based in Europe/UK instead of US? (I don't have any suggestion. Just wondering)

Was wondering this as well


Verzonden vanaf mijn iPhone met Tapatalk

Share this post


Link to post
Share on other sites
2 hours ago, tekkillah said:

Would it make any difference to start a class action with a lawyer based in Europe/UK instead of US? (I don't have any suggestion. Just wondering)

Yes, I would definitely try and get the advice of lawyers in the UK/EU. I think they are termed Barristers, Solicitors.  Different laws may apply to UK residents.  You could do a search for those that are fluent and experienced in cryptocurrency law, class action.   At least they could start you in the right direction and you can usually do a online/phone call and  evaluate your case.  

Share this post


Link to post
Share on other sites

This particular law firm has said that they would contact attorneys in England as well as get a professional crypto company to help with lawsuit. But the more information we can get from different places would be good.

Share this post


Link to post
Share on other sites

What i don't understand is what we know. We know for fact 500,000 xrp was recaptured by changenow. Why wouldn't gatehub request that 500,000 xrp and gave back 2% back to all victims per xrp stolen? This would show at least they care about people that lost their coins. I don't understand why wouldn't that be announced in recent update and action already taken @gatehub ?

Share this post


Link to post
Share on other sites

Gatehub's statement said" we kindly ask our customers to remain patient" but the title of the post said "Final Statement" which is weird.

Waiting for their actual response and reimbursement activity is probably best before legal action. BUT, I think we should all find out what the Statute of Limitations (SOL) are in our respected countries. A quick google search has this for me in my location in the USA:

"Most California misdemeanors have a statute of limitations of one year.

But, under California Penal Code 801 PC, felonies have a SOL of three years.

Some examples of common California theft crimes are:

petty theft,

grand theft, and

burglary.

One of the main reasons the law puts limits on when a criminal case gets filed is to preserve a sense of fairness for the defendant."

Share this post


Link to post
Share on other sites
1 hour ago, getitdone said:

Why wouldn't gatehub request that 500,000 xrp and gave back 2% back to all victims per xrp stolen?

That would put them on very shaky ground. Gatehub doesn't own the XRP, it was stolen directly from individual wallet owners. I would be pretty angry if my XRP was stolen, recovered and then distributed to other people without me giving my consent. Even if some people would be happy for that to happen, I don't think Gatehub can make that decision on their behalf.

It may be impossible to work out exactly who owns what, but worst case, only people who's XRP was sent to ChangeNow should receive XRP back from that pot, IMO.

Maybe by combining xrpforensics data and the exchange logs, they can even work out exactly who's XRP was not exchanged?

Minefield

Share this post


Link to post
Share on other sites

Hello - I was wiped of six figures of XRP on July 15th from GATEHUB.   Gatehub Support has not been helpful.   I was the victim of a SIM SWAP.  They somehow also added a device to my AUTHY account.  This is very scary stuff. If anyone has tips/advice please let me know.  

Share this post


Link to post
Share on other sites
2 hours ago, at3n said:

That would put them on very shaky ground. Gatehub doesn't own the XRP, it was stolen directly from individual wallet owners. I would be pretty angry if my XRP was stolen, recovered and then distributed to other people without me giving my consent. Even if some people would be happy for that to happen, I don't think Gatehub can make that decision on their behalf.

It may be impossible to work out exactly who owns what, but worst case, only people who's XRP was sent to ChangeNow should receive XRP back from that pot, IMO.

Maybe by combining xrpforensics data and the exchange logs, they can even work out exactly who's XRP was not exchanged?

Minefield

Massive respect for making such a logically sound and convincing statement. I thrive on logic and feel like I must agree that this may need to be the outcome that happens. You can absolutely see how crypto that aims to be anonymous can be a whole different maze in the legal realm.

Yes, everyone would want some fairness and equality for everyone affected, but there's a dangerous line when it comes to the legality of decisions. Since we could track whose XRP moved where, we'd know exactly whose money was recovered. The only hurdle would be if all that money was sent to a single wallet, and then that single wallet sent a portion to another wallet, which was the one they actually recovered. In that case, we can't deduce whose money was chosen to be sent to that second wallet. In that case, I think they would need to fail back to the proportional split between everyone's money that landed in that first wallet.

If this was a bank heist with physical money, the outcome would be different since the physical money would be agnostic to who it was stolen from. Conversely, if someone stole a bunch of jewelry from a repair shop, they wouldn't recover just your grandma's wedding ring and split that proportionally to everyone.

Share this post


Link to post
Share on other sites
1 hour ago, ShimsXRP said:

Hello - I was wiped of six figures of XRP on July 15th from GATEHUB.   Gatehub Support has not been helpful.   I was the victim of a SIM SWAP.  They somehow also added a device to my AUTHY account.  This is very scary stuff. If anyone has tips/advice please let me know.  

Very sorry to hear that, that's very scary when you think about it. The only advice I can give is to go through every online account that you own and recreate the credentials and 2-factor authentication, after checking to make sure that another email address or phone number hasn't been added that the attackers could use to get back in. It may be worth getting an entirely new email address or even phone number to separate yourself from the attackers.

Please report this to your local authorities, and if you're happy to, perhaps share some details with the xrpforensics team (@Silkjaer) in case this ends up being the same attacker.

Do you have any idea how the attackers got to know any of your details to begin with? Did one of your accounts have a weak password, or was involved in another hack?

Share this post


Link to post
Share on other sites
4 hours ago, at3n said:

Very sorry to hear that, that's very scary when you think about it. The only advice I can give is to go through every online account that you own and recreate the credentials and 2-factor authentication, after checking to make sure that another email address or phone number hasn't been added that the attackers could use to get back in. It may be worth getting an entirely new email address or even phone number to separate yourself from the attackers.

Please report this to your local authorities, and if you're happy to, perhaps share some details with the xrpforensics team (@Silkjaer) in case this ends up being the same attacker.

Do you have any idea how the attackers got to know any of your details to begin with? Did one of your accounts have a weak password, or was involved in another hack?

Hello - Thank you. My password was complicated. In addition to 2FA SMS, I also had the AUTHY app which the attacker added their device too somehow.   @Silkjaer if you can assist that would be great.  I have no idea how the attacker connected my phone to my GMAIL account. The only thing I can think of is the information was retrieved from @gatehub .  Gatehub mentioned phone numbers were not taken during the attack, but there is no other way this attacker would be able to connect it. The AT&T account is not even in my name, I am just a line on a family plan.

 

Timeline:

Sunday July 7 6:50AM EST - I receive two texts from Google asking me to verify a log into my Gmail with a Google Pin.   I do not think anything of it, but go in and change my password, and check if anything is different. 

 

Tuesday July 9 5:15PM EST - My phone loses service, I can not call or text (not even over Wi-Fi).  Not sure what's going on I turn phone/data on/off still nothing. I contact other members on my family plan, and their phones are working fine.  I run to apple store (across the street from me). I see a tech there who dials in AT&T support. It takes about two hours, but AT&T support thinks the Apple tech messed up my SIM card. She reconnects me, and before signing off give me the number for the fraud department.  I don't notice any rogue sign ins or email access attempts during this time, I write it off as a glitch and go about my night.

Monday July 15 2:00PM EST - My phone loses service again.  At the same time I am at my desk, and notice GOOGLE emailing me critical security alert sign in attempts sign in.  That's when it hit me they were trying to get into my gmail account using the 2FA from google.  I quickly change the password back and let google know it is not me on the other devices.  Not having access to my phone I used my other recovery email to reset the password.  The attacker than just reset it again using the phone.  I was able to reset a 4th time, but what I failed to do was click the button that signed myself out of all other web browsers instantly.

At 2:15PM in a full panic not sure what they are going after still, I get an alert from AUTHY that a new device was added to my app.  (The same LINUX device that was hacking my GMAIL).  Then immediately I emailed @gatehub support that I am being hacked and to lock my account.  At 2:18 and 2:19 I got two emails of New Device Authorization from Gatehub, I deleted both and removed from my trash within seconds.  I was too late, by 2:24PM six figures of XRP were moved to a new account.  Here is the link showing the wallets transactions including my withdrawal. 

https://bithomp.com/explorer/rswQEtBU9M3bG97uVcPu5xPUsg68wo7aQc

At 4:11PM GateHub let me know my account was now locked.  

 

Share this post


Link to post
Share on other sites
6 hours ago, at3n said:

Very sorry to hear that, that's very scary when you think about it. The only advice I can give is to go through every online account that you own and recreate the credentials and 2-factor authentication, after checking to make sure that another email address or phone number hasn't been added that the attackers could use to get back in. It may be worth getting an entirely new email address or even phone number to separate yourself from the attackers.

Please report this to your local authorities, and if you're happy to, perhaps share some details with the xrpforensics team (@Silkjaer) in case this ends up being the same attacker.

Do you have any idea how the attackers got to know any of your details to begin with? Did one of your accounts have a weak password, or was involved in another hack?

Gatehub system is not secure. with strong password + 2fa the hacker just gained the keys from access tokens which gatehub does not explain how. Just get away from them.

Share this post


Link to post
Share on other sites
Posted (edited)

So, this post is cooling down. Exactly like @gatehub was hoping. 

I think we should seriously start to prepare a class action against them. I am still on holidays but I will be back next week and ready to start working on it . 

This story cannot end with two winners (hackers and gatehub) and all of us losing money. 

Edited by Geekluca

Share this post


Link to post
Share on other sites

Yes you are right Geekluca we need to all get on a class action lawsuit against Gatehub, and ripple should also be pressed for telling us to migrate to them. Ripple should have never been associated with such a messed up company.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...