A security breach of the GateHub cryptocurrency wallet service resulted in the leaking of data and passwords from more than 1.4 million accounts. Data hacking occurred on June 4 of this year, but the stolen information was published last October. The magnitude of what happened was revealed on Tuesday, November 19 after a report by Ars Technica (in which the Australian firm Have I Been Pwned is cited) a site that allows you to verify whether personal data has been compromised.
The report notes that 3.72 GB of information was published on the dark web along with two-factor authentication keys, wallet hashes, mnemonic phrases and user email addresses. A second hack that involved a video game bot provider this time also compromised data from 800,000 accounts.
On its website, Have I Been Pwned mentioned that in October 2019, pirated data of 1.4 million accounts were published, but without specifying whether or not there was theft of funds, something that did happen, according to GateHub. For the agency, the total number of committed portfolios amounted to 1,408,078.
Details on the attack
GateHub issued a statement on July 19 in which it confirmed the attack, but limited it to 18,473 accounts related to its service to the XRP cryptocurrency and not to 1.4 million accounts as the aforementioned firm revealed. Although he did not indicate the amount, GateHub said that there was theft of funds and that they were working with other cryptocurrency exchange houses and purse providers to freeze them, before they were withdrawn.
The Startup highlighted:
“We believe that the author obtained unauthorized access to a database that contains valid access tokens from our customers. With these tokens, the author accessed 18,473 customer accounts, a very small fraction of our total user base.”
One of the users of this service, identified on Twitter as @aashishkoirala, said on November 14 that he received information about the hacking of his account at GateHub. His message on the social network was disseminated, in his own words, to inform if (someone) received any news about a violation or hacking of GateHub.
Not the first time
It was reported on June 5 that 21 million XRP would have been stolen in a hack to GateHub. A day later, GateHub confirmed that it had initiated an investigation after receiving multiple reports in which the theft of funds in its portfolio service was notified. On that occasion the company only spoke of about 100 compromised XRP portfolios.
GateHub also offers a money exchange service, but it is mainly used to redeem bitcoins for XRP. At the time of writing this article the price of XRP in the market was USD 0.2528 per unit, according to CoinMarketCap.