GateHub Privacy Breach

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Revision as of 10:51, 25 January 2023 by Azoundria


GateHub

GateHub customers had their private information breached, which is suspected to have occurred as part of the June hacking event. (Though GateHub reported at the time that only a limited number of accounts were accessed.) As GateHub already asked their customers to change passwords after the June breach, the impact is limited to information that may be reused on other services.

This exchange or platform is based in the United Kingdom, or the incident targeted people primarily in the United Kingdom.

About GateHub

"The GateHub platform was created in 2014 by a UK company. When it was first launched, it was built specifically for the Ripple (XRP) cryptocurrency, however, it now supports other coins too. GateHub has two main functions as it not only allows people to store their coins, but it allows people to trade them too!" "The GateHub wallet was originally built to support Ripple (XRP), but now it supports a total of 8 different coins."

"GateHub Ltd is a UK based multinational technology company that specializes in development of financial services and products, which include blockchain based global settlement system, interledger based payment scheme, digital wallet, connector and gateway service." "GateHub is a UK-based crypto exchange, owned by London-based GateHub Limited. However, it seems that its founders originate from Slovenia." "Level 3 207 Regent Street W1B 3HH London United Kingdom" "Zaloška 1 1000 Ljubljana Slovenia"

"The wallet allows you to send and receive cryptocurrencies, as well as store them. It is also possible to send coins to another GateHub user by entering their username, which makes it super straightforward in comparison to a lot of other wallets. The wallet is accessed online through a web browser, which is available either through a desktop device, Android or iOS."

"The GateHub platform is the “official” online wallet solution for XRP owners that lets users send funds to other people by using their name, wallet name, Ripple address, or email address. The project has been around for some time now and is clearly designed to cater to as many people as possible. Another interesting thing to mention is that it is also possible to access the trade feature within the wallet itself."

"Password data and other pieces of personal data belonging to as many as 1.4 million accounts on the Gatehub cryptocurrency wallet service, according to a November 20th report by Dan Goodin, Security Editor at Ars Technica. The leaks were discovered by Troy Hunt, a security researcher who runs the Have I Been Pwned security breach notification service."

"Hunt, who created a website that provides information about compromised passwords, haveibeenpwned.com, told Ars Technica that information containing cryptographically secured passwords and personal information for a total of 2.2 million users across two websites have been posted online." "The databases include registered email addresses and passwords that were cryptographically hashed with bcrypt, a function that's among the hardest to crack."

"The person posting the 3.72GB Gatehub database said it also includes two-factor authentication keys, mnemonic phrases, and wallet hashes, although GateHub officials said an investigation suggested wallet hashes were not accessed. The EpicBot database, meanwhile, purportedly included usernames and IP addresses."

"Hunt took a representative sample of accounts from online databases, and said that all emails he checked were registered to accounts from the sites."

"Whether the June hack is related to [this] recent data dump is currently unknown, as is its origin." "The posting of the database means the breach that the wallet service disclosed in July was much bigger than previously thought. Rather than obtaining only access tokens, the attackers also took 2FA keys, email addresses, password hashes, mnemonic phrases, and possibly wallet hashes. What's more, the breach affected as many as 1.4 million GateHub users, not just the 18,473 mentioned in the disclosure. In an email, an unnamed member of the GateHub security team wrote:"

"We are aware of a database posted on RaidForums whose author claims that it belongs to GateHub. The alleged GateHub database is being thoroughly examined by our team, therefore, we are unable to confirm its authenticity at this time. We will make sure to keep you posted of any updates."

"From what we have gathered so far, it does not contain wallet hashes. As mentioned before, we are still verifying its authenticity."

"One of our initial responses to the cyber attack was to introduce re-encryption to all GateHub accounts. With the new re-encryption, all GateHub accounts were re-encrypted and all of our customers had to change their passwords. This was introduced in July 2019."

The statement didn't explain why the investigation has been unable to verify the authenticity of the data 25 days after it was posted and four months after it was first accessed. It was also unclear precisely what officials meant by "re-encrypted."

"There are references to PGP [in the database]," Hunt told me. "There are what appear to be PGP encrypted strings. I'm not sure if that's what they rotated. Are they talking about rotating cryptographic hashes, or are they talking about this section of PGP which is wallet related?"

"GateHub sent notices telling users to change their passwords when the breach was announced, but if you didn't change your password then, you should do it now. More importantly, users should consider changing their mnemonic phrases."

The Reality

This section is included if a case involved deception or information that was unknown at the time. Examples include:

  • When the service was actually started (if different than the "official story").
  • Who actually ran a service and their own personal history.
  • How the service was structured behind the scenes. (For example, there was no "trading bot".)
  • Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.

Key Event Timeline - GateHub Privacy Breach

Date | Event | Description
November 14th, 2019 12:00:00 AM | First Event | This is an expanded description of what happened and the impact. If multiple lines are necessary, add them here.

Total Amount Lost

The total amount lost is unknown.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?

Ultimate Outcome

What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?

Total Amount Recovered

It is unknown how much was recovered.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

Prevention Policies

References

1.4 Million GateHub Accounts' Personal Data Leaked: Report | Finance Magnates (Dec 26)

@aashishkoirala Twitter (Dec 26)

https://gatehub.net/ (Dec 24)

https://www.linkedin.com/company/gatehub-limited/ (Dec 25)

Complete Gatehub Review: is Gatehub Safe to Use? (Dec 25)

https://captainaltcoin.com/gatehub-review/ (Dec 25)

https://find-and-update.company-information.service.gov.uk/company/09311138 (Dec 26)

https://www.crunchbase.com/organization/gatehub (Dec 26)

GateHub crypto wallet hack exposes 1.4 million users - Decrypt (Jan 1)

Password data for ~2.2 million users of currency and gaming sites dumped online | Ars Technica (Jan 1)

Gatehub and EpicBot Hacked; 2.2 Million User Accounts Leaked (Jan 1)