A few users reported their GateHub wallets being hacked and XRP sent to r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k


yxxyun

6 hours ago, princesultan said:

That email from gatehub is a real cop out....

Yes it seems GateHub are just trying to pass blame onto my friend. He's followed all their security protocols to create a safe storage, yet GateHub internal security is flawed!

It's obvious that it was an internal issue but they don't want to take responsibility.

So gutted for him and for the rest of the guys that were rolled over by GateHub. 

Link to comment
Share on other sites

I remember that for a while there was a fake/phishing gatehub site set up so if you accidentally typed getahub into google it was the number 1 result. Could it be related to that maybe and someone was patient enough to wait until taking funds to cover their tracks?

I also remember the site ripple tradle or something similar which I almost fell for myself. Luckily I noticed it before entering my details and reported either on here or on xrptalk. Someone then reported it to Google as a phishing site. I can't remember if during the migration we had to change our passwords or not? But again someone could have been patient enough and kept the logon details they obtained and only used them now? It seems a lot of people that were hacked have had their accounts a long time so maybe it's possible?

Link to comment
Share on other sites

9 minutes ago, mcgyve said:

I remember that for a while there was a fake/phishing gatehub site set up so if you accidentally typed getahub into google it was the number 1 result. Could it be related to that maybe and someone was patient enough to wait until taking funds to cover their tracks?

I also remember the site ripple tradle or something similar which I almost fell for myself. Luckily I noticed it before entering my details and reported either on here or on xrptalk. Someone then reported it to Google as a phishing site. I can't remember if during the migration we had to change our passwords or not? But again someone could have been patient enough and kept the logon details they obtained and only used them now? It seems a lot of people that were hacked have had their accounts a long time so maybe it's possible?

I helped get my friend into XRP in early 2017 and we set up the GateHub wallet for him to store. Seeing as it was endorsed by Ripple we didn't think twice. As far as I'm aware he's not touched or logged in since we set it up until he got an email from GateHub stating a possible withdrawal from his wallet.

When he logged in to check his 25,000XRP had gone.

He was set up with the normal security plus 2FA.

As soon as he told me, and after being asked by GateHub to confirm the device I was logging in from, I checked my wallets and all was fine.

 

Edited by hillsey_london
Link to comment
Share on other sites

9 minutes ago, hillsey_london said:

I helped get my friend into XRP in early 2017 and we set up the GateHub wallet for him to store. Seeing as it was endorsed by Ripple we didn't think twice. As far as I'm aware he's not touched or logged in since we set it up until he got an email from GateHub stating a possible withdrawal from his wallet.

When he logged in to check his 25,000XRP had gone.

He was set up with the normal security plus 2FA.

As soon as he told me, and after being asked by GateHub to confirm the device I was logging in from, I checked my wallets and all was fine.

 

Sorry to hear about your friend. I still feel the urge to stress the importance of reporting this to authorities... Do you know if they have filed a local police report?

Link to comment
Share on other sites

3 minutes ago, EcneitapLatnem said:

Sorry to hear about your friend. I still feel the urge to stress the importance of reporting this to authorities... Do you know if they have filed a local police report?

GateHub also suggested this to him and I think he should. I'm sure the local police will just look at him in confusion as they'll have no idea of what he's talking about. But like you say if the police can get it on record and give him a crime number for his report at least he's done something to get it recorded.

Trying to help him as much as possible as he's gutted and it's hard to focus in them situations. 

Link to comment
Share on other sites

1 minute ago, hillsey_london said:

GateHub also suggested this to him and I think he should. I'm sure the local police will just look at him in confusion as they'll have no idea of what he's talking about. But like you say if the police can get it on record and give him a crime number for his report at least he's done something to get it recorded.

Trying to help him as much as possible as he's gutted and it's hard to focus in them situations. 

Without a doubt, a no-brainer to me... the very first (possibly second) thing to do... and then seeing that GateHub is asking for the same suggests to me that it is (obviously) very important!

Link to comment
Share on other sites

Hey guys, I joined just because of this. First I would like to express that I feel for all of you who lost their XRPs. 

Second, I logged into my account and my XRPs are still there. Since GH was recommended by ripple and because we actually get our keys I thought it would be better having my Zerps with them than on a nano (could get physically stolen, burned in a fire, etc.)... however it seems I was completely wrong.

I've now ordered a Nano S, but it will take a few days to arrive. Can someone please suggest the safest step to secure the XRP? Should I move them from GH to an exchange for the moment until the ledger arrives? What is the best thing to do at the moment?

Edited by JohnS0N
Link to comment
Share on other sites

A quick look at the transaction: it lacks the Memo fields that Gatehub fills with type client, data Gatehub etc.

This indicates that the attacker did not use access to Gatehub to steal the funds, but the secret key was used to sign a payment transaction (but please correct me if I am wrong..)

As there is no indication non-Gatehub accounts are affected, it looks like someone got access to the encrypted secret keys in the Gatehub database, and managed to decrypt some. 

I think the smartest thing to do for all Gatehub users (including myself) is to change the secret key and disable master key. This way the decrypted secrets are not useful anymore...

Link to comment
Share on other sites
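
The memo check and key rotation described in the post above, as an added example that is not part of the original thread and is not GateHub's code: it decodes the hex-encoded XRP Ledger `Memos` of an account's transactions, flags outgoing payments that carry no `client` memo, and checks that an account has a regular key set with the master key disabled. The exact memo layout (MemoType `client`, MemoData `Gatehub`), the addresses and the hashes are constructed assumptions.

```python
LSF_DISABLE_MASTER = 0x00100000  # AccountRoot flag set once the master key is disabled

def decode_memos(tx):
    """Return [(type, data)] with the hex-encoded memo fields decoded to text."""
    out = []
    for entry in tx.get("Memos", []):
        memo = entry.get("Memo", {})
        fields = []
        for key in ("MemoType", "MemoData"):
            try:
                fields.append(bytes.fromhex(memo.get(key, "")).decode("utf-8", "replace"))
            except ValueError:  # malformed hex: treat as an empty field
                fields.append("")
        out.append(tuple(fields))
    return out

def payments_without_client_memo(account, txs, expected_type="client"):
    """Outgoing Payments from `account` that carry no memo of the expected type."""
    flagged = []
    for tx in txs:
        if tx.get("TransactionType") != "Payment" or tx.get("Account") != account:
            continue  # ignore incoming payments and other transaction types
        if not any(t == expected_type for t, _ in decode_memos(tx)):
            flagged.append(tx)
    return flagged

def master_key_retired(account_root):
    """True if a regular key is set and the master key can no longer sign."""
    disabled = bool(account_root.get("Flags", 0) & LSF_DISABLE_MASTER)
    return disabled and "RegularKey" in account_root

def hx(text):
    """Hex-encode text the way memo fields are stored (used for sample data only)."""
    return text.encode().hex().upper()

ACCOUNT = "rEXAMPLEACCOUNTPLACEHOLDER"  # constructed placeholder, not a real address
SAMPLE_TXS = [  # constructed transactions, shaped like account_tx results
    {"TransactionType": "Payment", "Account": ACCOUNT, "hash": "TX1-constructed",
     "Destination": "rDESTINATIONPLACEHOLDER1", "Amount": "1000000",
     "Memos": [{"Memo": {"MemoType": hx("client"), "MemoData": hx("Gatehub")}}]},
    {"TransactionType": "Payment", "Account": ACCOUNT, "hash": "TX2-constructed",
     "Destination": "rDESTINATIONPLACEHOLDER2", "Amount": "1500000000"},
    {"TransactionType": "Payment", "Account": "rSENDERPLACEHOLDER",
     "hash": "TX3-constructed", "Destination": ACCOUNT, "Amount": "5000000"},
]

if __name__ == "__main__":
    for tx in payments_without_client_memo(ACCOUNT, SAMPLE_TXS):
        print("no client memo:", tx["hash"], "->", tx["Destination"])
```

A payment without the memo only shows that the wallet's usual client did not build it; it does not by itself identify who signed it.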

I seem to recall that there was a possible hack based on bad random seed generation that could be used to exploit old wallets that were created using some of the early versions of ripple. The hack allows an attacker to regenerate wallets and keys and search for any that match known wallet addresses on the ledger and then drain them because they've generated the same wallet address and now have the key. Early wallets on gatehub might be susceptible to this? My memory of this is a bit vague, perhaps @Sukrim or @nikb would know better.

(If this were the case, then it would not be necessary for an insider at gatehub to be responsible, just a long brute force operation on wallet generation).

Link to comment
Share on other sites

GateHub and Chris Larsen need to respond quickly and assure people that they will be compensated for their losses.

Binance did it, also ShapeShift did it a couple of years ago.

 

Link to comment
Share on other sites

10 minutes ago, jbjnr said:

I seem to recall that there was a possible hack based on bad random seed generation that could be used to exploit old wallets that were created using some of the early versions of ripple. The hack allows an attacker to regenerate wallets and keys and search for any that match known wallet addresses on the ledger and then drain them because they've generated the same wallet address and now have the key. Early wallets on gatehub might be susceptible to this? My memory of this is a bit vague, perhaps @Sukrim or @nikb would know better.

(If this were the case, then it would not be necessary for an insider at gatehub to be responsible, just a long brute force operation on wallet generation).

You are probably referring to this: https://ripple.com/dev-blog/statement-on-the-biased-nonce-sense-paper/

I am wondering, from any of the victims (to exclude this as the possible source of the hack), if they either

a) made 0 or max 1 transaction with the hacked account: In that case brute-force attack as described in the paper is not possible 

b) made transactions using Gatehub via a client device that would not be able to generate a 'good' random value (perhaps very old laptop, mobile, or something else). I think most newer devices create good random values and then the issue described in the paper would imo not be an issue.

Link to comment
Share on other sites

43 minutes ago, jbjnr said:

Early wallets on gatehub might be susceptible to this?

The time a wallet was created doesn't really matter, the problem was/is with the software that was used to sign transactions (e.g. ripple-lib).

Gatehub's software is closed source. I have very limited compassion for people using closed source software in combination with cryptocurrencies.

Link to comment
Share on other sites

12 hours ago, cjeremys2 said:

Nonetheless it's already a lost cause since Gatehub will technically not take responsibility on this matter as clearly the victims like myself don't have proof that Gatehub's system has been compromised, hence no compensation/refund. 

This is horrible and I feel with all you guys. Why should GH not be responsible? I'd try to find peace of mind now, in the past GH was responsive and they covered hacks (into their own wallet). I received an email from them upon my inquiry whether, as a response to these hacks, they plan additional security measures. This is also devastating for them. So they say wait until we respond again once we know what's going on.

Not much transparency so far, but this is early days. Don't forget, Ripple recommends GH, this exchange should not fail.

Yet, what's worrying is that first hacks were reported end of May, and like @kanaas here only two days ago! So GateHub doesn't seem to have a clue for now what's going on.

Edited by panmores
Link to comment
Share on other sites
