WARNING: Phishing emails are being sent to our users. Read more here
Dear Valued Customers,
Recently, we have been notified by our customers and community members about funds on their XRP Ledger wallets being stolen and immediately started monitoring network activity and conducted an extensive internal investigation.
Although we have not identified any action or omission by GateHub that may have facilitated or allowed this apparent theft to occur, we apologize deeply to all of our customers for this issue and pledge to get to the bottom of it.
We already sent out an email to all users that might be affected as a result of suspicious API calls with instructions on how to protect their funds.
- If you have received an email from us, please read it carefully and act accordingly. IMMEDIATELY transfer all of your existing balance from XRP Ledger wallets to a hosted wallet. You can find instructions on how to do so here.
- If you have not received an email from us, then we have no reason to believe your account was compromised.
While the investigation is still underway and we can not post any official conclusions just yet here are a couple of findings so far.
API requests to the victim’s accounts were all authorized with a valid access token. There were no suspicious logins detected, nor there were any signs of brute forcing.
We have however detected an increased amount of API calls (with valid access tokens) coming from a small number of IP addresses which might be how the perpetrator gained access to encrypted secret keys.
That, however, still doesn’t explain how the perpetrator was able to gain other required information needed to decrypt the secret keys.
All access tokens were disabled on June 1st after which the suspicious API calls were stopped.
At the moment we estimate that approximately 100 XRP Ledger wallets were compromised. So far it looks like all the victims had their XRP Ledger wallets hosted on GateHub, but we cannot yet rule out that some wallets were not.
To conclude the investigation as soon as possible, we are working closely with a professional IT forensics team to determine whether our system was compromised or not.
Appropriate Law Enforcement Agencies were also notified about these thefts, and we will work diligently with them to help track the perpetrator who did this.
We will post an official statement after the internal investigation has been completed.
Last but not least, we would like to thank the community for offering continuous help.
If you have any information that might help us or law enforcement agencies, please contact us via [email protected].
Enej Pungercar
Founder and CEO, GateHub