XRP taken out of my gatehub wallet from 2017. I'm a victim of 2017 hacking?

[littleripples]

Hey i have looked at my gatehub history because i was feeling suspicious about my account value. I want to attach some photos too. 

Ive been googling online and i think this sounds similar to my problem too: https://www.xrpchat.com/topic/6276-about-32000-xrp-disappeared

I am missing like 70,000 XRP! A crazy amount is gone. I'm posting some pics so you can see. You see my balance go from 93,588 XRP down to 20,727 XRP! It's awful, I believe I was hacked. What do I do now to get my XRP back? Will gatehub help me or ignore me and let my money be stolen?

[at3n]

I'm sorry to hear that you lost so much XRP It will probably be very hard to prove if it was a Gatehub hack or not given that it was so long ago.

If you look up the transaction hash of one of the transactions on Bithomp, does the memo field say "Client: Gatehub"? It may not help much but it will help understand a little bit how it happened.

Did you ever make any notes of your secret key outside of Gatehub? Problem with Gatehub "hacks" is that because the secret key is make available to the user, It's possible that a user error led to the hack, rather than a Gatehub error, so it's hard to pin it on them.

[littleripples]

Thanks for your reply at3n! Okay, so i was always a cautious user; 2FA enabled, keep all my passwords and secure codes private.

I have now looked up some of the tx hashes on bithomp, and indeed it says 

"Memos: Client: gatehub"

With "gatehub" in lowercase

[at3n]

Mmm... So that just tells us it was probably done using the Gatehub website or the API. Are you able to search back through emails to see if there were any login verification emails around the time of the transactions? And are there any login logs on Gatehub itself? If there's anything that tells you what IP addresses were used to log in around then, perhaps you can see one that was out of place?

Using WHOIS services online you can get an idea of which ISP and country an IP address is from.

Again, not much help to get the xrp back (that will unfortunately be almost impossible), but perhaps useful to make a report/dispute with Gatehub or at least find some sort of closure.

The address that the xrp was sent to, does it look like an obvious hacker address? (Lots of deposits from many accounts, xrp subsequently sent to an exchange). If you could see lots of incoming deposits with Client: Gatehub memos, then maybe that points to a larger Gatehub hack.

[jargoman]

You'd be the first person the hacker didn't clean out and instead left some funds. That's strange. Are you sure you didn't send XRP to an exchange and forget?