GateHub Privacy Breach
GateHub customers' private information was exposed in a breach that is suspected to have occurred as part of the June hacking event, although GateHub reported at the time that only a limited number of accounts were accessed. Because GateHub had already asked its customers to change their passwords after the June breach, the impact is limited to information that may be reused on other services.
This exchange or platform is based in the United Kingdom, or the incident targeted people primarily in the United Kingdom.[1][2][3][4][5][6][7][8][9][10][11]
About GateHub
"The GateHub platform was created in 2014 by a UK company. When it was first launched, it was built specifically for the Ripple (XRP) cryptocurrency, however, it now supports other coins too. GateHub has two main functions as it not only allows people to store their coins, but it allows people to trade them too!" "The GateHub wallet was originally built to support Ripple (XRP), but now it supports a total of 8 different coins."
"GateHub Ltd is a UK based multinational technology company that specializes in development of financial services and products, which include blockchain based global settlement system, interledger based payment scheme, digital wallet, connector and gateway service." "GateHub is UK-based crypto exchange, owned by London-based GateHub Limited. However, it seems that its founders originate from Slovenia." "Level 3 207 Regent Street W1B 3HH London United Kingdom" "Zaloška 1 1000 Ljubljana Slovenia"
"The wallet allows you to send and receive cryptocurrencies, as well as store them. It is also possible to send coins to another GateHub user by entering their username, which makes it super straight forward in comparison to a lot of other wallets. The wallet is accessed online through a web browser, which is available either through a desktop device, Android or iOS."
"The GateHub platform is the “official” online wallet solution for XRP owners that lets users send funds to other people by using their name, wallet name, Ripple address, or email address. The project has been around for some time now and is clearly designed to cater to as many people as possible. Another interesting thing to mention is that it is also possible to access the trade feature within the wallet itself."
"Password data and other pieces of personal data belonging to as many as 1.4 million accounts on the Gatehub cryptocurrency wallet service, according to a November 20th report by Dan Goodin, Security Editor at Ars Technica. The leaks were discovered by Troy Hunt, a security researcher who runs the Have I Been Pwned security breach notification service."
"Hunt, who created a website that provides information about compromised passwords, haveibeenpwned.com, told Ars Technica that information containing cryptographically secured passwords and personal information for a total of 2.2 million users across two websites have been posted online." "The databases include registered email addresses and passwords that were cryptographically hashed with bcrypt, a function that's among the hardest to crack."
"The person posting the 3.72GB Gatehub database said it also includes two-factor authentication keys, mnemonic phrases, and wallet hashes, although GateHub officials said an investigation suggested wallet hashes were not accessed. The EpicBot database, meanwhile, purportedly included usernames and IP addresses."
"Hunt took a representative sample of accounts from online databases, and said that all emails he checked were registered to accounts from the sites."
"Whether the June hack is related to [this] recent data dump is currently unknown, as is its origin." "The posting of the database means the breach that the wallet service disclosed in July was much bigger than previously thought. Rather than obtaining only access tokens, the attackers also took 2FA keys, email addresses, password hashes, mnemonic phrases, and possibly wallet hashes. What's more, the breach affected as many as 1.4 million GateHub users, not just the 18,473 mentioned in the disclosure. In an email, an unnamed member of the GateHub security team wrote:"
"We are aware of a database posted on RaidForums whose author claims that it belongs to GateHub. The alleged GateHub database is being thoroughly examined by our team, therefore, we are unable to confirm its authenticity at this time. We will make sure to keep you posted of any updates."
"From what we have gathered so far, it does not contain wallet hashes. As mentioned before, we are still verifying its authenticity."
"One of our initial responses to the cyber attack was to introduce re-encryption to all GateHub accounts. With the new re-encryption, all GateHub accounts were re-encrypted and all of our customers had to change their passwords. This was introduced in July 2019."
The statement didn't explain why the investigation has been unable to verify the authenticity of the data 25 days after it was posted and four months after it was first accessed. It was also unclear precisely what officials meant by "re-encrypted."
"There are references to PGP [in the database]," Hunt told me. "There are what appear to be PGP encrypted strings. I'm not sure if that's what they rotated. Are they talking about rotating cryptographic hashes, or are they talking about this section of PGP which is wallet related?"
"GateHub sent notices telling users to change their passwords when the breach was announced, but if you didn't change your password then, you should do it now. More importantly, users should consider changing their mnemonic phrases."
The Reality
What Happened
| Date | Event | Description |
|---|---|---|
| November 14th, 2019 | Main Event | |
Technical Details
Total Amount Lost
No funds were lost.
Immediate Reactions
Ultimate Outcome
Total Amount Recovered
The total amount recovered is unknown.
Ongoing Developments
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
References
1. 1.4 Million GateHub Accounts' Personal Data Leaked: Report | Finance Magnates (Dec 26, 2022)
2. @aashishkoirala Twitter (Dec 26, 2022)
3. https://gatehub.net/ (Dec 25, 2021)
4. https://www.linkedin.com/company/gatehub-limited/ (Dec 26, 2021)
5. Complete Gatehub Review: is Gatehub Safe to Use? (Dec 26, 2021)
6. https://captainaltcoin.com/gatehub-review/ (Dec 26, 2021)
7. https://find-and-update.company-information.service.gov.uk/company/09311138 (Dec 26, 2021)
8. https://www.crunchbase.com/organization/gatehub (Dec 26, 2021)
9. GateHub crypto wallet hack exposes 1.4 million users - Decrypt (Jan 1, 2022)
10. Password data for ~2.2 million users of currency and gaming sites dumped online | Ars Technica (Jan 1, 2022)
11. Gatehub and EpicBot Hacked; 2.2 Million User Accounts Leaked (Jan 1, 2022)