Thousands of Canary and Athena tokens trapped on Gatehub controlled Songbird accounts, EXFI not distributed...

[Gringo]

Gatehub had made it simple for non-custodian XRP wallets to claim both SGB and FLR airdrops. Users of Gatehub didn't need to worry about creating the message key with the ETH-compatible address to participate in the airdrop claim.

The allmost automated procedure to claim basically created a SGB/FLR address for Flare Network to send the token. But the SGB/FLR adress created by Gatehub and related to an XRP-non custodian address is a Gatehub CUSTODIAN Flare/Songbird address. Of course they had the right to proceed in that way, but a warning would have been better.

Why is it relevant?.

1) The difference between a custodian and a non-custodian wallet is that the XRP address owner is NOT the "real" owner of the Flare/Songbird adress associated to the XRP adress, so: not your keys, not your coins.

2) Gatehub operates those wallets with 0 reserve. So when there is SGB/FLR IN or OUT they send the tokens to a SGB/FLR hot wallet:

                                       https://songbird-explorer.flare.network/address/0x8B940C0476E61b13d103FfBd3D4d95496214a5aD

3) The EXFI token was sent to Gatehub's wallet, but those SGB are actually from Gatehub users. There is probably not an easy way to compare a "SGB IOU" snapshot to the SGB snapshot that has been used to distribute the EXFI token.

 

4) There are projects like Aesthetes & CanaryX that have sent their xATH & Canary tokens to those Gatehub Custodial wallets.

Both xATH and Canary tokens do have monetary value. There are thousands of Gatehub controlled wallets with Canary and xATH tokens "dormant" and because of Gatehubs implementation there is no way for Gatehub users to access them.

Gatehub should create the corresponding xATH and Canary tokens IOUs on the XRPL to solve this issue and treat them the same way as SGB/FLR IOUs for the non-custodial wallets. I believe it could be a legal problem for them if they don't recognize the existence of those tokens on the custodial wallets they have created fom non-custodial wallets.

Also if they one day move those tokens without letting the non-custodial users know, it would be appropiation of assets.

The same problem will occur to any further airdrop on Songbird or Flare. For some reason airdrops are delivered to accounts with a 0 balance. I suspect Gatehub reasoned that by immediatly removing all funds from those wallets to Gatehubs hotwallet no such airdrop would be sent. But they were wrong.

TL;DR Gatehub's wallet implementation of SGB/FLR wallets has created a nightmare for valuable token airdrops and posible legal consequences if some airdrops are of relevant monetary value.

 

[at3n]

On 1/13/2023 at 6:29 PM, Gringo said:

Of course they had the right to proceed in that way, but a warning would have been better.

In fairness, it was all publicly documented at the time. It was clear enough that you would be receiving a FLR IOU from Gatehub if you chose to use the "easy" Gatehub method of setting the message key.

There was nothing stopping anyone from taking their XRP secret key from Gatehub and setting their message key to whatever they wanted.

SGB wasn't even announced at the time, Gatehub were accommodating enough to support that, they didn't have to. I think it's a bit unrealistic to expect Gatehub (or an exchange) to continually support every single project that chooses to do airdrops.

Edited January 15 by at3n

[Gringo]

@at3n do you work for Gatehub? 

Anyway, this is the story: Gatehub was created as patch for the closure (ordered by FinCen) of Ripple's RippleTrade. At that time most XRP users had a "cold" and a "hot" wallet. The "hot" wallet used for trade (any IOU's vs XRP).

So they never had to actually work hard to get new clients, they just "inherited" a client base. By the way RippleTrade had the potential to be something in the like of what is Binance today, it was way ahead of its time.

The starting point of Gatehub was that jewel....and since then they remind under the radar as an irrelevant exchange compared to the big ones (once again: RippleTrade was a BIG ONE).

Once again, they decided this method just to create a cautive market of FLR/SGB or god knows why. Tokens with monetary value are trapped there and if they one day decide to not pass them to users it would probably create legal consequences for them. Since those are "non custodial" wallets the legal defense (for them) would not be that easy as the normal wallets on an exchange when they don't credit an airdrop.

[at3n]

15 hours ago, Gringo said:

@at3n do you work for Gatehub? 

No

15 hours ago, Gringo said:

Once again, they decided this method just to create a cautive market of FLR/SGB or god knows why. Tokens with monetary value are trapped there and if they one day decide to not pass them to users it would probably create legal consequences for them. Since those are "non custodial" wallets the legal defense (for them) would not be that easy as the normal wallets on an exchange when they don't credit an airdrop.

Seems to me that they were looking to create an easy way for their customers to claim Flare. Since they are an XRPL gateway and online XRP wallet business, it makes sense that they fit their Flare implementation within that structure.

The XRPL wallets are non-custodial but the assets backing the Gatehub IOUs are of course in the custody of Gatehub. By choosing the "easy" method, you were granting Gatehub custody of your future FLR, which is a very similar concept to choosing to receive it through an exchange.

[Gringo]

"The XRPL wallets are non-custodial", with the tech they already have, it would be trivial an easier for them to create a "non-custodial" SGB wallet and a "non-custodial" FLR wallet, but they made all this technical mess (more complicated to develop), just to be able to charge 0.3% for every trade of the FLR IOU and SGB IOU.

Actually they had the oportunity to create an "elegant" solution using non-custodial SGB and Flare wallets that that users could VOLUNTARY use to "bridge" into the XRPL for FLR IOU's and SGB IOU's creating a bigger market.

Once again, they have no clue how to build a notable exchange, because they just "inherited" the client base from RippleTrade so they never really cared much grow from there.

They still can create access to those addresses and let users operate them the same way non-custodial XRPL wallets, since they do have the keys. If they do, they will have the first XRPL-Flare bridge.

But I wouldn't bet they will, they don't seem to care much about growing.