Gatehub Customer XRP Wallets Breached: Difference between revisions

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
No edit summary
No edit summary
 
Line 1: Line 1:
{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/gatehubcustomerxrpwalletsbreached.php}}
{{Imported Case Study 2|source=https://www.quadrigainitiative.com/casestudy/gatehubcustomerxrpwalletsbreached.php}}
{{Unattributed Citations}}
{{Unattributed Sources}}


[[File:Gatehub.jpg|thumb|GateHub]]It appears that GateHub is both a wallet and exchange service provider, and that customers using the wallet do not actually own their own keys. GateHub stored customer wallets in a database which was accessible online. The company advertises on their website that they “make sure your money is always safe” and “you won’t ever want to use your old bank account again.” It would appear that the company is not in any position to cover the losses, and only 500k of XRP were recovered from other exchanges.
[[File:Gatehub.jpg|thumb|GateHub]]It appears that GateHub is both a wallet and exchange service provider, and that customers using the wallet do not actually own their own keys. GateHub stored customer wallets in a database which was accessible online. The company advertises on their website that they “make sure your money is always safe” and “you won’t ever want to use your old bank account again.” It would appear that the company is not in any position to cover the losses, and only 500k of XRP were recovered from other exchanges.


This exchange or platform is based in United Kingdom, or the incident targeted people primarily in United Kingdom.
This exchange or platform is based in United Kingdom, or the incident targeted people primarily in United Kingdom.<ref name="businessinsider-89" /><ref name="gatehub-123" /><ref name="gatehub-124" /><ref name="gatehub-125" /><ref name="fxstreet-126" /><ref name="cointelegraph-130" /><ref name="cryptoxdirectory-2276" /><ref name="gatehub-4792" /><ref name="gatehub-4793" /><ref name="gatehublimitedlinkedin-4794" /><ref name="bitdegree-4795" /><ref name="captainaltcoin-4796" /><ref name="xrpforensicsmedium-4797" /><ref name="medium-4798" /><ref name="somethingdecent-4799" /><ref name="ukgovernment-4800" /><ref name="crunchbase-4801" />
<ref name="businessinsider-89" /><ref name="gatehub-123" /><ref name="gatehub-124" /><ref name="gatehub-125" /><ref name="fxstreet-126" /><ref name="cointelegraph-130" /><ref name="cryptoxdirectory-2276" /><ref name="gatehub-4792" /><ref name="gatehub-4793" /><ref name="gatehublimitedlinkedin-4794" /><ref name="bitdegree-4795" /><ref name="captainaltcoin-4796" /><ref name="xrpforensicsmedium-4797" /><ref name="medium-4798" /><ref name="somethingdecent-4799" /><ref name="ukgovernment-4800" /><ref name="crunchbase-4801" />


== About GateHub ==
== About GateHub ==
Line 81: Line 80:
!Description
!Description
|-
|-
|June 1st, 2019 12:00:00 AM
|June 1st, 2019
|Main Event
|Main Event
|Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here.
|Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here.
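Review bot: The Description cell of the June 1st, 2019 row still carries the template prompt ("Expand this into a brief description of what happened and the impact.") on both sides of the change, so trimming "12:00:00 AM" from the date leaves the only timeline row without any content. Replace the prompt with a one-line sourced summary of the event, or hold the row back until one is available.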
Line 89: Line 88:
|
|
|}
|}
== Technical Details ==
This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?


== Total Amount Lost ==
== Total Amount Lost ==
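Review bot: The "== Technical Details ==" section in this hunk consists only of the template question ("What specific software vulnerabilities contributed to the problem and how were they exploited?"), which will be shown to readers as if it were content. Either fill it with sourced analysis or wrap the prompt in a placeholder template, the way the prevention sections later in this change use {{Prevention:Individuals:Placeholder}}.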
Line 108: Line 110:
== Ongoing Developments ==
== Ongoing Developments ==
What parts of this case are still remaining to be concluded?
What parts of this case are still remaining to be concluded?
== General Prevention Policies ==
While the most secure storage by far is a multi-signature wallet with all keys properly held by trained individuals, security of hot wallets can be improved by having additional experts review the security of systems. Our proposed framework sees 2 reviews prior to launch, and regular reviews on an ongoing basis. In the event of a breach, a comprehensive industry insurance fund would be available, which handles fraud and covers additional events beyond self-insurance.
== Individual Prevention Policies ==
{{Prevention:Individuals:Placeholder}}
{{Prevention:Individuals:End}}
== Platform Prevention Policies ==
{{Prevention:Platforms:Placeholder}}
{{Prevention:Platforms:End}}
== Regulatory Prevention Policies ==
{{Prevention:Regulators:Placeholder}}


== Prevention Policies ==
{{Prevention:Regulators:End}}
While the most secure storage by far is a multi-signature wallet with all keys properly held by trained individuals, security of hot wallets can be improved by having additional experts review the security of systems. Our proposed framework sees 2 reviews prior to launch, and regular reviews on an ongoing basis. In the event of a breach, a comprehensive industry insurance fund would be available, which handles fraud and covers additional events beyond self-insurance.


== References ==
== References ==
<references><ref name="businessinsider-89">[https://www.businessinsider.com/the-biggest-cryptocurrency-scams-and-arrests-of-2019-so-far-2019-8 The biggest cryptocurrency scams and arrests of 2019 - Business Insider] (Feb 14, 2020)</ref>
<references><ref name="businessinsider-89">[https://www.businessinsider.com/the-biggest-cryptocurrency-scams-and-arrests-of-2019-so-far-2019-8 The biggest cryptocurrency scams and arrests of 2019 - Business Insider] (Feb 15, 2020)</ref>


<ref name="gatehub-123">[https://gatehub.net/blog/gatehub-update-investigation-continues/ GateHub update, investigation continues] (Feb 22, 2020)</ref>
<ref name="gatehub-123">[https://gatehub.net/blog/gatehub-update-investigation-continues/ GateHub update, investigation continues] (Feb 23, 2020)</ref>


<ref name="gatehub-124">[https://gatehub.net/blog/gatehub-preliminary-statement/ GateHub Preliminary Statement] (Feb 22, 2020)</ref>
<ref name="gatehub-124">[https://gatehub.net/blog/gatehub-preliminary-statement/ GateHub Preliminary Statement] (Feb 23, 2020)</ref>


<ref name="gatehub-125">[https://gatehub.net/blog/gatehub-investigation-final-statement/ GateHub Investigation - Final Statement] (Feb 22, 2020)</ref>
<ref name="gatehub-125">[https://gatehub.net/blog/gatehub-investigation-final-statement/ GateHub Investigation - Final Statement] (Feb 23, 2020)</ref>


<ref name="fxstreet-126">[https://www.fxstreet.com/cryptocurrencies/news/gatehub-provides-update-on-the-10-million-xrp-hack-201906131706 GateHub provides update on the $10 Million XRP Hack] (Feb 22, 2020)</ref>
<ref name="fxstreet-126">[https://www.fxstreet.com/cryptocurrencies/news/gatehub-provides-update-on-the-10-million-xrp-hack-201906131706 GateHub provides update on the $10 Million XRP Hack] (Feb 23, 2020)</ref>


<ref name="cointelegraph-130">[https://cointelegraph.com/news/most-significant-hacks-of-2019-new-record-of-twelve-in-one-year Most Significant Hacks of 2019 — New Record of Twelve in One Year] (Feb 22, 2020)</ref>
<ref name="cointelegraph-130">[https://cointelegraph.com/news/most-significant-hacks-of-2019-new-record-of-twelve-in-one-year Most Significant Hacks of 2019 — New Record of Twelve in One Year] (Feb 23, 2020)</ref>


<ref name="cryptoxdirectory-2276">[https://cryptoxdirectory.com/hacked_2019 The 23 exchange hacks of 2019] (Aug 7, 2021)</ref>
<ref name="cryptoxdirectory-2276">[https://cryptoxdirectory.com/hacked_2019 The 23 exchange hacks of 2019] (Aug 8, 2021)</ref>


<ref name="gatehub-4792">[https://gatehub.net/ https://gatehub.net/] (Dec 24, 2021)</ref>
<ref name="gatehub-4792">[https://gatehub.net/ https://gatehub.net/] (Dec 25, 2021)</ref>


<ref name="gatehub-4793">[https://gatehub.net/legal/responsible-disclosure https://gatehub.net/legal/responsible-disclosure] (Dec 24, 2021)</ref>
<ref name="gatehub-4793">[https://gatehub.net/legal/responsible-disclosure https://gatehub.net/legal/responsible-disclosure] (Dec 25, 2021)</ref>


<ref name="gatehublimitedlinkedin-4794">[https://www.linkedin.com/company/gatehub-limited/ https://www.linkedin.com/company/gatehub-limited/] (Dec 25, 2021)</ref>
<ref name="gatehublimitedlinkedin-4794">[https://www.linkedin.com/company/gatehub-limited/ https://www.linkedin.com/company/gatehub-limited/] (Dec 26, 2021)</ref>


<ref name="bitdegree-4795">[https://www.bitdegree.org/crypto/gatehub-review Complete Gatehub Review: is Gatehub Safe to Use?] (Dec 25, 2021)</ref>
<ref name="bitdegree-4795">[https://www.bitdegree.org/crypto/gatehub-review Complete Gatehub Review: is Gatehub Safe to Use?] (Dec 26, 2021)</ref>


<ref name="captainaltcoin-4796">[https://captainaltcoin.com/gatehub-review/ https://captainaltcoin.com/gatehub-review/] (Dec 25, 2021)</ref>
<ref name="captainaltcoin-4796">[https://captainaltcoin.com/gatehub-review/ https://captainaltcoin.com/gatehub-review/] (Dec 26, 2021)</ref>


<ref name="xrpforensicsmedium-4797">[https://medium.com/xrp-forensics/overview-of-the-gatehub-hack-f88a441c9203 Overview Of The Gatehub Hack] (Dec 26, 2021)</ref>
<ref name="xrpforensicsmedium-4797">[https://medium.com/xrp-forensics/overview-of-the-gatehub-hack-f88a441c9203 Overview Of The Gatehub Hack] (Dec 26, 2021)</ref>
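Review bot: The access dates in the reference list differ by exactly one day between the two sides for every entry (Feb 14 and Feb 15, 2020 for businessinsider-89, Dec 24 and Dec 25, 2021 for gatehub-4792, and so on) except xrpforensicsmedium-4797, which reads Dec 26, 2021 on both. A uniform one-day shift with a single exception suggests a date-conversion artifact rather than re-checked sources; confirm which date is the real retrieval date and bring the last entry in line with the rest.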

Latest revision as of 13:19, 1 May 2023

Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' and 'General Prevention' sections to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

GateHub

It appears that GateHub is both a wallet and exchange service provider, and that customers using the wallet do not actually own their own keys. GateHub stored customer wallets in a database which was accessible online. The company advertises on their website that they “make sure your money is always safe” and “you won’t ever want to use your old bank account again.” It would appear that the company is not in any position to cover the losses, and only 500k of XRP were recovered from other exchanges.

This exchange or platform is based in the United Kingdom, or the incident targeted people primarily in the United Kingdom.[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17]

About GateHub

"The GateHub platform was created in 2014 by a UK company. When it was first launched, it was built specifically for the Ripple (XRP) cryptocurrency, however, it now supports other coins too. GateHub has two main functions as it not only allows people to store their coins, but it allows people to trade them too!" "The GateHub wallet was originally built to support Ripple (XRP), but now it supports a total of 8 different coins."

"GateHub Ltd is a UK based multinational technology company that specializes in development of financial services and products, which include blockchain based global settlement system, interledger based payment scheme, digital wallet, connector and gateway service." "GateHub is UK-based crypto exchange, owned by London-based GateHub Limited. However, it seems that its founders originate from Slovenia." "Level 3 207 Regent Street W1B 3HH London United Kingdom" "Zaloška 1 1000 Ljubljana Slovenia"

"The wallet allows you to send and receive cryptocurrencies, as well as store them. It is also possible to send coins to another GateHub user by entering their username, which makes it super straight forward in comparison to a lot of other wallets. The wallet is accessed online through a web browser, which is available either through a desktop device, Android or iOS."

"The GateHub platform is the “official” online wallet solution for XRP owners that lets users send funds to other people by using their name, wallet name, Ripple address, or email address. The project has been around for some time now and is clearly designed to cater to as many people as possible. Another interesting thing to mention is that it is also possible to access the trade feature within the wallet itself."

“On June 1, Ripple (XRP) wallet provider GateHub suffered a security hack in which 23.2 million XRP were stolen from over 103 user wallets, although over 18,000 total accounts may have been affected.”

"Back on June 6, cryptocurrency wallet service Gatehub revealed a $10.1 million hack that compromised nearly 100 customers’ wallets. The breach was discovered only after several users notified the exchange that funds from their wallets were missing."

"Recently, we have been notified by our customers and community members about funds on their XRP Ledger wallets being stolen and immediately started monitoring network activity and conducted an extensive internal investigation."

"Although we have not identified any action or omission by GateHub that may have facilitated or allowed this apparent theft to occur, we apologize deeply to all of our customers for this issue and pledge to get to the bottom of it." "The nature of the attack is still unknown to GateHub’s staff although they have confirmed that they do not suspect the actions of their staff to have either facilitated or allowed the hack."

"At the moment we estimate that approximately 100 XRP Ledger wallets were compromised. So far it looks like all the victims had their XRP Ledger wallets hosted on GateHub, but we cannot yet rule out that some wallets were not."

"The acknowledgement by GateHub that there appears to have been a serious security breach coincided with the publication of a technical report by GateHub community member Thomas Silkjær."

"That report claims 23.2 million Ripple coins (estimated to be worth nearly US $9.7 million) had been stolen from 80-90 GateHub accounts, with just over half of the booty already laundered through exchanges and mixer services."

"What isn’t known at the time of writing is just how hackers managed to compromise the accounts, with GateHub saying that it has detected no suspicious logins or signs of any attempted brute-forcing of accounts."

"GateHub says that while it continues to investigate the security breach it is not sharing any official conclusions about what occurred."

"GateHub does, however, note that it has detected “an increased amount of API calls (with valid access tokens) coming from a small number of IP addresses”, and suggests that this might be how criminals were able to gain access to encrypted secret keys. GateHub notes that API requests to victims’ accounts were all authorised with a valid access token."

“According to a statement by GateHub, hackers penetrated the wallets after gaining access to a database that contained valid customer access tokens. These credentials essentially tell a server who the users are and keep them logged in. When a user logs out, the access token is destroyed, and the user must log back in to receive a new one. Broken authentication such as compromised access tokens is number two on the OWASP’s top 10 attack vectors.”
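
An added example (not from GateHub or the original case study) of detection logic for the pattern quoted above: requests carrying valid access tokens do not trip login or brute-force alerts, so this check flags a source IP whose successful requests span many accounts within a short window. The log format, endpoint names and thresholds are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of an API access log (not GateHub data). Fields:
# timestamp, source IP, account the access token belongs to, endpoint, HTTP status.
# Endpoint names are hypothetical.
SAMPLE_LOG = """\
2019-06-01T08:00:05Z 203.0.113.20 acct-2001 /v1/balance 200
2019-06-01T08:00:40Z 198.51.100.7 acct-1001 /v1/wallet-secret 200
2019-06-01T08:01:02Z 198.51.100.7 acct-1002 /v1/wallet-secret 200
2019-06-01T08:01:30Z 203.0.113.20 acct-2001 /v1/wallet-secret 200
2019-06-01T08:02:11Z 198.51.100.7 acct-1003 /v1/wallet-secret 200
2019-06-01T08:02:50Z 192.0.2.33 acct-3001 /v1/balance 200
2019-06-01T08:03:15Z 198.51.100.7 acct-1004 /v1/wallet-secret 200
2019-06-01T08:03:20Z 192.0.2.33 acct-3009 /v1/balance 401
2019-06-01T08:04:48Z 198.51.100.7 acct-1005 /v1/wallet-secret 200
2019-06-01T11:30:00Z 192.0.2.33 acct-3002 /v1/balance 200
"""


def parse_line(line):
    """Split one log line into (timestamp, ip, account, endpoint, status)."""
    ts, ip, account, endpoint, status = line.split()
    return (datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, account,
            endpoint, int(status))


def flag_token_fanout(log_text, window=timedelta(minutes=10), max_accounts=3):
    """Return {ip: [accounts]} for IPs whose token-authorised (HTTP 200)
    requests touch more than max_accounts distinct accounts in any window."""
    per_ip = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, account, _endpoint, status = parse_line(line)
        if status == 200:  # rejected tokens are a different signal
            per_ip[ip].append((ts, account))

    flagged = {}
    for ip, events in per_ip.items():
        events.sort()
        left = 0
        for right in range(len(events)):
            # Shrink the window until it spans at most `window` of time.
            while events[right][0] - events[left][0] > window:
                left += 1
            accounts = {acct for _, acct in events[left:right + 1]}
            if len(accounts) > max_accounts:
                flagged.setdefault(ip, set()).update(accounts)
    return {ip: sorted(accts) for ip, accts in flagged.items()}


if __name__ == "__main__":
    for ip, accounts in flag_token_fanout(SAMPLE_LOG).items():
        print(f"{ip}: valid tokens for {len(accounts)} accounts: {accounts}")
```

The threshold has to be tuned against legitimate shared egress points such as corporate NAT or mobile carriers, which also present many accounts from one address.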

"GateHub says that it has notified law enforcement about the theft." “We will continue to work closely with law enforcement agencies from different jurisdictions to identify the criminal hackers responsible for this theft. We are in contact with more than a dozen exchanges and wallet providers to freeze the stolen funds before they are cashed out. Once these legal procedures are completed we will know the exact amount of funds that our customers will be able to retrieve. Until then we kindly ask our customers to remain patient and report any suspected losses to their local law enforcement agencies in case they haven’t done so already.”

"Services used to cash out (not complicit). We have identified some of the largest recipients (rounded figures): changelly.com: 6,000,000 XRP, changenow.io: 3,250,000 XRP, kucoin.com: 1,500,000 XRP, huobi.com: 930,000 XRP, exmo.me: 135,000 XRP, hitbtc.com: 115,000 XRP, binance.com: 110,000 XRP, alfacashier.com: 50,000 XRP."

"However, in 2017 there was a security issue that resulted in people having their coins stolen. The GateHub centralized servers were hacked, which allowed the criminals to get away with more than $5 million in cryptocurrency."

"According to various users, GateHub said they would not refund the stolen funds."


The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.

Include:

  • Known history of when and how the service was started.
  • What problems does the company or service claim to solve?
  • What marketing materials were used by the firm or business?
  • Audits performed, and excerpts that may have been included.
  • Business registration documents shown (fake or legitimate).
  • How were people recruited to participate?
  • Public warnings and announcements prior to the event.

Don't Include:

  • Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
  • Anything that wasn't reasonably knowable at the time of the event.

There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.

The Reality

This section is included if a case involved deception or information that was unknown at the time. Examples include:

  • When the service was actually started (if different than the "official story").
  • Who actually ran a service and their own personal history.
  • How the service was structured behind the scenes. (For example, there was no "trading bot".)
  • Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.

Key Event Timeline - Gatehub Customer XRP Wallets Breached

Date | Event | Description
June 1st, 2019 | Main Event | Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here.

Technical Details

This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?

Total Amount Lost

The total amount lost has been estimated at $10,100,000 USD.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?

Ultimate Outcome

What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?

Total Amount Recovered

There do not appear to have been any funds recovered in this case.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

General Prevention Policies

While the most secure storage by far is a multi-signature wallet with all keys properly held by trained individuals, security of hot wallets can be improved by having additional experts review the security of systems. Our proposed framework sees 2 reviews prior to launch, and regular reviews on an ongoing basis. In the event of a breach, a comprehensive industry insurance fund would be available, which handles fraud and covers additional events beyond self-insurance.

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References