Security March 27, 2022
Cryptocurrencies: GateHub Troubles
GateHub hacked, nearly $10 million worth of Ripple (XRP) stolen
In a “preliminary statement” published on its blog on Thursday, cryptocurrency wallet service GateHub has warned that over 100 customers have had their ledger wallets hacked and funds stolen.
Dear Valued Customers,
Recently, we have been notified by our customers and community members about funds on their XRP Ledger wallets being stolen and immediately started monitoring network activity and conducted an extensive internal investigation.
Although we have not identified any action or omission by GateHub that may have facilitated or allowed this apparent theft to occur, we apologize deeply to all of our customers for this issue and pledge to get to the bottom of it.
At the moment we estimate that approximately 100 XRP Ledger wallets were compromised. So far it looks like all the victims had their XRP Ledger wallets hosted on GateHub, but we cannot yet rule out that some wallets were not.
GateHub says it has contacted affected users, suggesting that they transfer any existing balances in their Ripple coin (XRP) wallets to a hosted wallet.
Some reports estimate that millions of Ripple coins have been stolen in the heist.
The acknowledgement by GateHub that there appears to have been a serious security breach coincided with the publication of a technical report by GateHub community member Thomas Silkjær.
That report claims 23.2 million Ripple coins (estimated to be worth nearly US $9.7 million) had been stolen from 80-90 GateHub accounts, with just over half of the booty already laundered through exchanges and mixer services.
What isn’t known at the time of writing is just how hackers managed to compromise the accounts, with GateHub saying that it has detected no suspicious logins or signs of any attempted brute-forcing of accounts.
GateHub says that while it continues to investigate the security breach it is not sharing any official conclusions about what occurred.
GateHub does, however, note that it has detected “an increased amount of API calls (with valid access tokens) coming from a small number of IP addresses”, and suggests that this might be how criminals were able to gain access to encrypted secret keys. GateHub notes that API requests to victims’ accounts were all authorised with a valid access token.
GateHub says that it has notified law enforcement about the theft.
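The pattern GateHub describes above, valid access tokens for many accounts arriving from a small number of IP addresses, never shows up in failed-login or brute-force alerts. A defender has to look instead at how many distinct accounts each source address reaches with accepted tokens. The following is an added example, not GateHub's code: the log format, paths, token and account names are constructed for illustration, and the IP addresses come from documentation ranges.

```python
from collections import defaultdict

# Constructed sample log, not GateHub data. Fields: time, source IP,
# token id, account, path (hypothetical), HTTP status.
SAMPLE_LOG = """\
2022-01-01T10:00:01Z 198.51.100.7 tok-a1 acct-001 /wallets 200
2022-01-01T10:00:05Z 198.51.100.7 tok-a1 acct-001 /wallets/keys 200
2022-01-01T10:01:10Z 198.51.100.9 tok-b2 acct-002 /wallets 200
2022-01-01T10:02:00Z 203.0.113.50 tok-c3 acct-003 /wallets/keys 200
2022-01-01T10:02:02Z 203.0.113.50 tok-d4 acct-004 /wallets/keys 200
2022-01-01T10:02:04Z 203.0.113.50 tok-e5 acct-005 /wallets/keys 200
2022-01-01T10:02:06Z 203.0.113.50 tok-f6 acct-006 /wallets/keys 200
2022-01-01T10:03:00Z 198.51.100.9 tok-zz acct-007 /wallets 401
truncated line
"""

def parse(line):
    """Return a record dict, or None for a malformed line."""
    parts = line.split()
    if len(parts) != 6 or not parts[5].isdigit():
        return None
    keys = ("time", "ip", "token", "account", "path", "status")
    rec = dict(zip(keys, parts))
    rec["status"] = int(rec["status"])
    return rec

def token_fanout(log_text, min_accounts=3):
    """Map source IP -> sorted accounts it reached with accepted tokens.

    Only 2xx responses count: the signal is successful, token-authorised
    access to many accounts from one address, not failed logins.
    """
    accounts_by_ip = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None or not 200 <= rec["status"] < 300:
            continue
        accounts_by_ip[rec["ip"]].add(rec["account"])
    return {ip: sorted(accts) for ip, accts in accounts_by_ip.items()
            if len(accts) >= min_accounts}

if __name__ == "__main__":
    for ip, accts in token_fanout(SAMPLE_LOG).items():
        print(f"{ip}: valid tokens for {len(accts)} accounts: {accts}")
```

The threshold of three accounts is an assumption; shared office or carrier NAT addresses legitimately front several users, so it needs tuning against normal traffic.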
The bad news for GateHub customers comes at the same time as another major theft from a digital currency platform was averted.
The Komodo blockchain platform revealed this week that its Agama cryptocurrency wallet app had been targeted by hackers. Hackers attempted to implant malicious code into the Agama app’s build chain with the intention of stealing wallet seeds and login passphrases.
“After discovering the vulnerability, our cybersecurity team used the same exploit to gain control of a lot of affected seeds and secure the funds at risk,” said Komodo in a blog post. “We were able to sweep around 8 million KMD (US $12.5 million) and 96 BTC (US $765,000) from these vulnerable wallets, which otherwise would have been easy pickings for the attacker.”
Once again, cryptocurrency investors would do well to consider whether it is wise to store large amounts of digital currency in online wallets.