GATEHUB

DESCRIPTION OF EVENTS

"The GateHub platform was created in 2014 by a UK company. When it was first launched, it was built specifically for the Ripple (XRP) cryptocurrency, however, it now supports other coins too. GateHub has two main functions as it not only allows people to store their coins, but it allows people to trade them too!" "The GateHub wallet was originally built to support Ripple (XRP), but now it supports a total of 8 different coins."

"GateHub Ltd is a UK based multinational technology company that specializes in development of financial services and products, which include blockchain based global settlement system, interledger based payment scheme, digital wallet, connector and gateway service." "GateHub is UK-based crypto exchange, owned by London-based GateHub Limited. However, it seems that its founders originate from Slovenia." "Level 3 207 Regent Street W1B 3HH London United Kingdom" "Zaloška 1 1000 Ljubljana Slovenia"

"The wallet allows you to send and receive cryptocurrencies, as well as store them. It is also possible to send coins to another GateHub user by entering their username, which makes it super straight forward in comparison to a lot of other wallets. The wallet is accessed online through a web browser, which is available either through a desktop device, Android or iOS."

"The GateHub platform is the “official” online wallet solution for XRP owners that lets users send funds to other people by using their name, wallet name, Ripple address, or email address. The project has been around for some time now and is clearly designed to cater to as many people as possible. Another interesting thing to mention is that it is also possible to access the trade feature within the wallet itself."

"Password data and other pieces of personal data belonging to as many as 1.4 million accounts on the Gatehub cryptocurrency wallet service, according to a November 20th report by Dan Goodin, Security Editor at Ars Technica. The leaks were discovered by Troy Hunt, a security researcher who runs the Have I Been Pwned security breach notification service."

"Hunt, who created a website that provides information about compromised passwords, haveibeenpwned.com, told Ars Technica that information containing cryptographically secured passwords and personal information for a total of 2.2 million users across two websites have been posted online." "The databases include registered email addresses and passwords that were cryptographically hashed with bcrypt, a function that's among the hardest to crack."

"The person posting the 3.72GB Gatehub database said it also includes two-factor authentication keys, mnemonic phrases, and wallet hashes, although GateHub officials said an investigation suggested wallet hashes were not accessed. The EpicBot database, meanwhile, purportedly included usernames and IP addresses."

"Hunt took a representative sample of accounts from online databases, and said that all emails he checked were registered to accounts from the sites."

"Whether the June hack is related to [this] recent data dump is currently unknown, as is its origin." "The posting of the database means the breach that the wallet service disclosed in July was much bigger than previously thought. Rather than obtaining only access tokens, the attackers also took 2FA keys, email addresses, password hashes, mnemonic phrases, and possibly wallet hashes. What's more, the breach affected as many as 1.4 million GateHub users, not just the 18,473 mentioned in the disclosure. In an email, an unnamed member of the GateHub security team wrote:"

"We are aware of a database posted on RaidForums whose author claims that it belongs to GateHub. The alleged GateHub database is being thoroughly examined by our team, therefore, we are unable to confirm its authenticity at this time. We will make sure to keep you posted of any updates."

"From what we have gathered so far, it does not contain wallet hashes. As mentioned before, we are still verifying its authenticity."

"One of our initial responses to the cyber attack was to introduce re-encryption to all GateHub accounts. With the new re-encryption, all GateHub accounts were re-encrypted and all of our customers had to change their passwords. This was introduced in July 2019."

The statement didn't explain why the investigation has been unable to verify the authenticity of the data 25 days after it was posted and four months after it was first accessed. It was also unclear precisely what officials meant by "re-encrypted."

"There are references to PGP [in the database]," Hunt told me. "There are what appear to be PGP encrypted strings. I'm not sure if that's what they rotated. Are they talking about rotating cryptographic hashes, or are they talking about this section of PGP which is wallet related?"

"GateHub sent notices telling users to change their passwords when the breach was announced, but if you didn”t change your password then, you should do it now. More importantly, users should consider changing their mnemonic phrases."

GateHub customers had their private information breached, which is suspected to have occurred as part of the June hacking event. (Though GateHub reported at the time that only a limited number of accounts were accessed.) As GateHub already asked their customers to change passwords after the June breach, the impact is limited to information that may be reused on other services.

1.4 Million GateHub Accounts' Personal Data Leaked: Report | Finance Magnates (Dec 26)
@aashishkoirala Twitter (Dec 26)
https://gatehub.net/ (Dec 25)
https://www.linkedin.com/company/gatehub-limited/ (Dec 26)
Complete Gatehub Review: is Gatehub Safe to Use? (Dec 26)
https://captainaltcoin.com/gatehub-review/ (Dec 26)
https://find-and-update.company-information.service.gov.uk/company/09311138 (Dec 26)
https://www.crunchbase.com/organization/gatehub (Dec 26)
GateHub crypto wallet hack exposes 1.4 million users - Decrypt (Jan 1)
Password data for ~2.2 million users of currency and gaming sites dumped online | Ars Technica (Jan 1)
Gatehub and EpicBot Hacked; 2.2 Million User Accounts Leaked (Jan 1)

More case studies

BitMEX
Email Gaffe

Vertcoin Attempted
51% Attack