Besieged XRP wallet provider GateHub, whose users last week suffered a brutal security hack in which over 20 million XRP were stolen from 100 wallets, has now issued an urgent warning that users are being targeted by a phishing scam.
Latest: GateHub users targeted by phishing scam
Following the June 1 hack, GateHub emailed all their affected users and urged them to move their remaining XRP funds to a GateHub-hosted wallet to ensure no further cryptocurrency was stolen.
As expected, scammers saw this official GateHub SOS to its users (sent from the Gatehub.net domain) as the perfect opportunity to cash in and deceive users. Such an email is very unusual in the Fintech sector due to the prevalence of phishing scams.
GateHub customers have since reported receiving emails from addresses at both @gatehub.net and @gatehub.com that urged them to create a new Ripple wallet and move their funds there.
If you’re an affected GateHub user, please read the following article before you respond to any of their emails.
What is GateHub?
GateHub is a platform built on the XRP Ledger protocol that allows cryptocurrency users to send, receive, trade and manage different asset types.
GateHub XRP Hack Summary
- In a preliminary statement on 6 June 2019, the cryptocurrency wallet service admitted that hackers had penetrated some of their users’ XRP Ledger Wallets and robbed them of over 23 million XRP (worth $10 million).
- GateHub was alerted to the security breach by customers and members of the Ripple community watchdog XRP Forensics.
- They have since detected that more than 18,000 accounts were potentially affected due to suspicious API calls, with over 5,000 of these accounts containing XRP balances. Owners of 103 XRP wallets have suffered severe losses in the security breach.
- While the company expressed their sincere apologies over the incident, they have not issued an official mea culpa yet and are maintaining their innocence while they collect evidence and try to figure out what happened.
How did the GateHub XRP Ledger Wallet theft happen?
1 June – XRP Forensics watchdog uncovers hack
According to XRP enthusiast Thomas Silkjaer, member of Ripple security watchdog XRP Forensics, his organization was made aware of the theft of 200,000 XRP on June 1st.
They quickly established that the account in question was managed by Gatehub.net, and found it had stolen millions more XRP coins from other GateHub-hosted XRP accounts.
13 million XRP already moved to exchanges and mixers
All in all, Silkjaer’s team identified about 90 wallets affected in the breach, which they said were robbed of 23,200,000 XRP.
Over 13 million XRP of these funds have now already been laundered through digital exchanges and crypto “mixers”.
XRP Forensics have since traced the stolen XRP to accounts at the following (innocent) exchanges, with whom GateHub is working to try and freeze these assets:
- Changelly: 6,000,000 XRP
- ChangeNow: 3,250,000 XRP
- KuCoin: 1,500,000 XRP
- Huobi: 930,000 XRP
- HitBTC: 115,000 XRP
- Binance: 110,000 XRP
How did GateHub stop the hack?
In a follow-up statement on June 7, GateHub claims that the hacker(s) gained access to a database that contained valid customer access tokens. The culprits then used these tokens in an increasing number of API calls from only a few IP addresses.
After they were made aware of the compromised customer access tokens, GateHub disabled them, which subsequently stopped the API calls.
The crypto wallet service then contacted all affected GateHub XRP wallet holders and urged them to immediately transfer their remaining funds to a GateHub hosted wallet while they complete their investigation.
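The pattern GateHub describes, many customer access tokens used from only a few IP addresses, can be detected by counting distinct tokens per source IP. The following is an added example, not GateHub's code; the log format, IPs, token ids and threshold are all constructed assumptions.

```python
"""Flag source IPs that present many different customer access tokens."""
from collections import defaultdict

# Constructed sample API log: "<timestamp> <source_ip> <token_id> <method> <path>".
# Format, IPs (RFC 5737 documentation ranges) and token ids are assumptions.
SAMPLE_LOG = """\
2019-06-01T09:58:12Z 192.0.2.10 tok_alice GET /v1/wallets
2019-06-01T09:59:40Z 192.0.2.10 tok_alice GET /v1/balances
2019-06-01T10:01:03Z 192.0.2.44 tok_bob GET /v1/wallets
2019-06-01T10:01:09Z 192.0.2.44 tok_carol GET /v1/wallets
2019-06-01T10:02:00Z 198.51.100.7 tok_dave GET /v1/wallets
2019-06-01T10:02:01Z 198.51.100.7 tok_erin GET /v1/wallets
2019-06-01T10:02:02Z 198.51.100.7 tok_frank GET /v1/wallets
2019-06-01T10:02:03Z 198.51.100.7 tok_grace GET /v1/wallets
2019-06-01T10:02:04Z 198.51.100.7 tok_heidi GET /v1/wallets
-- log rotated --
2019-06-01T10:05:30Z 203.0.113.9 tok_dave GET /v1/wallets
"""

def parse(log_text):
    """Yield (ip, token) pairs, skipping lines that do not match the format."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[2].startswith("tok_"):
            yield parts[1], parts[2]

def tokens_per_ip(log_text):
    """Map each source IP to the set of distinct tokens it presented."""
    seen = defaultdict(set)
    for ip, token in parse(log_text):
        seen[ip].add(token)
    return seen

def suspicious_ips(log_text, max_tokens=3):
    """IPs presenting more distinct tokens than the (assumed) threshold allows."""
    return {ip: toks for ip, toks in tokens_per_ip(log_text).items()
            if len(toks) > max_tokens}

def tokens_to_revoke(log_text, max_tokens=3):
    """Every token seen from a flagged IP is treated as compromised."""
    flagged = suspicious_ips(log_text, max_tokens)
    return sorted(set().union(*flagged.values())) if flagged else []

if __name__ == "__main__":
    for ip, toks in suspicious_ips(SAMPLE_LOG).items():
        print(f"{ip}: {len(toks)} distinct tokens")
    print("revoke:", tokens_to_revoke(SAMPLE_LOG))
```

A shared office or NAT gateway legitimately shows a handful of tokens per IP, so the threshold has to be tuned against normal traffic before the revoke list is acted on.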
Who’s to blame for GateHub’s XRP Theft?
GateHub has been unable up to now to identify any fault on their part that may have allowed this hack to happen. According to their statement, there were no indications of suspicious logins or a brute force attack.
They are currently working hard in tandem with a professional IT forensics company to figure out if and how their system was penetrated in order to carry out the hack, and have also roped in law enforcement officials, whilst upgrading their security measures.
XRP Forensics give possible scenarios for the hack
Whistleblowers XRP Forensics have kept investigating the matter and found the following possible causes, but discounted them all as unlikely in their full report:
- GateHub account hacks
- Repeating or incremental nonces
- RippleTrade migration
- Browser client hacking
- Old database account
What should GateHub XRP holders do?
GateHub immediately contacted the affected XRP wallet owners via email and asked them to move their funds to the company’s wallets, according to their preliminary statement. As XRP Ledger Wallets are safeguarded with secret and encrypted keys, GateHub cannot access users’ native RCL wallets or passwords. Therefore, only their users can move their funds.
In the coming days, GateHub will re-generate customer encryption keys and disable all existing XRP Ledger wallet secret keys, creating new encrypted secret keys that should prevent further access by the hacker to any XRP Ledger wallets. The process will be automated and users won’t have to take any action.
As the company’s users are now also targeted by phishing scams, our best advice is to contact GateHub directly via email or on their website.
In retrospect, it seems now that Komodo’s unprecedented move last week to safeguard their users’ assets was indeed a stroke of genius.