23 million XRP stolen from users on GateHub due to ‘potential security breach’

[Magician]

 
 
Thomas Silkjær, the creative director at 2K/DENMARK, outlined a “potential security breach” at GateHub might have caused users to lose approximately 23 million XRP.

GateHub is a wallet and gateway for to safely store/transact XRP. In a Medium article, Silkjær wrote that the breach was noticed on June 1 in a transaction of approximately 201,000 XRP sent between two wallets.

Silkjær wrote:

“it turned out that the account robbed was managed through Gatehub.net, and that the offending account (r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k) had stolen substantial amounts from several other XRP accounts, likely to be or have been managed through Gatehub.net.”

There were a total of 12 suspected accounts as mentioned by Silkjær which may have connections leading to the loss of funds. The first victim was stolen of 10,000 XRP via a transaction that took place on May 30, 2018, at 12:25 UTC.

Cumulatively, an approximate of 23,200,000 XRP has been stolen so far by the attacker from over 80-90 victims and 13 million XRP from these stolen funds, according to Silkjær, have already been laundered through exchanges and other cryptocurrency mixing services available.

Yellow: Exchanges and accounts used to cash out. Blue: Victims. Red: 9 suspected accounts Note: A few victims may have not been channeled through the suspect accounts and have had funds sent directly to exchanges Source: Thomas Silkjær

Silkjær mentioned that there was no conclusive evidence pointing towards the center of the attack and that the attack could have happened due to various ways, which include phishing, gatehub account hacks,  repeating nonce, etc.

XRP community members warned users to steer clear of GateHub, temporarily, and maintain strict privacy when it comes to sharing private information.

/dev/null/products, a prominent member in the XRP ecosystem tweeted hoping for a response from GateHub.

https://twitter.com/DevNullProd/status/1136358914705035265

GateHub posted an official response on XRP Chat forum and have admitted that there was indeed a breach, however, unsure if it was caused due to “any action or omission by GateHub that may have facilitated or allowed this apparent theft to occur”.

The response also mentioned an unusually high number of API calls coming from a small number of IP addresses which might be how the perpetrator gained access to encrypted secret keys, which could be the start of the thread, but it still doesn’t explain how the attacker gained access to “other required information needed to decrypt the secret keys”.

In addition, the response also mentioned that approximately 58 XRP ledger wallets were compromised and that the investigation was on-going, any and all information would be updated in their official response.

Source