GateHub, a popular cryptocurrency wallet service, has recently suffered a massive security breach that saw hackers steal 23.2 million XRP tokens from its users, worth nearly $9.5 million. Part of the funds have already been laundered.
According to a preliminary statement posted on the service’s website, the security breach is still being investigated, although it’s believed the attacker abused GateHub’s API to siphon users’ funds out of their wallets. How it was done isn’t clear.
We have however detected an increased amount of API calls (with valid access tokens) coming from a small number of IP addresses which might be how the perpetrator gained access to encrypted secret keys.
To steal the funds, the hacker would’ve had to decrypt the secret keys. Per GateHub, the API calls don’t explain how the attacker was able to get the information required to do so. Since June 1, it adds, access tokens were disabled and the suspicious API calls stopped.
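The pattern GateHub describes (many API calls carrying valid access tokens, concentrated on a few source IPs) is detectable from ordinary access logs. The detector below is an added example, not GateHub's code; the log format, field names and sample lines are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample API access log (not GateHub data), one request per line:
# timestamp, source IP, access-token id, endpoint.
SAMPLE_LOG = """\
2019-05-30T10:00:01Z 198.51.100.7 tok-a1 /v1/wallet/export
2019-05-30T10:00:02Z 198.51.100.7 tok-b2 /v1/wallet/export
2019-05-30T10:00:03Z 198.51.100.7 tok-c3 /v1/wallet/export
2019-05-30T10:00:04Z 198.51.100.7 tok-d4 /v1/wallet/export
2019-05-30T10:00:05Z 198.51.100.7 tok-e5 /v1/wallet/export
2019-05-30T10:01:00Z 203.0.113.42 tok-f6 /v1/wallet/balance
2019-05-30T10:02:00Z 203.0.113.42 tok-f6 /v1/wallet/balance
2019-05-30T10:03:00Z 192.0.2.9 tok-g7 /v1/wallet/export
"""


def parse_log(text):
    """Split the assumed whitespace-separated log format into dicts."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, token, endpoint = line.split()
        records.append({"ts": ts, "ip": ip, "token": token, "endpoint": endpoint})
    return records


def flag_token_sharing_ips(records, max_tokens_per_ip=2, min_calls=3):
    """Return source IPs that present more than max_tokens_per_ip distinct
    (valid) access tokens across at least min_calls requests.

    A legitimate client normally acts on behalf of one or two accounts; one IP
    presenting many users' tokens is the signal GateHub reported.
    """
    calls = defaultdict(int)
    tokens = defaultdict(set)
    for r in records:
        calls[r["ip"]] += 1
        tokens[r["ip"]].add(r["token"])
    return sorted(
        ip for ip in calls
        if len(tokens[ip]) > max_tokens_per_ip and calls[ip] >= min_calls
    )


if __name__ == "__main__":
    print(flag_token_sharing_ips(parse_log(SAMPLE_LOG)))
```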
A group of XRP community members working to prevent scams on the cryptocurrency’s blockchain, XRP Forensics, noted in a Medium post that a history of suspicious transactions was found and that the hackers used 12 XRP addresses to collect the funds.
Thomas Silkjær, a member of the group, wrote:
As of writing this report, 2019-06-05 16:00 UTC, we gather that ~23,200,000 XRP has been stolen from 80-90 victims, of which ~13,100,000 XRP have already been laundered through exchanges and mixer services.
The funds were reportedly laundered through various exchanges, including Binance, HitBTC, Exmo, KuCoin, and Huobi. The majority of the funds were laundered through Changelly.
XRP Forensics, despite having a few theories, was also unable to determine how the hackers managed to steal the XRP from GateHub accounts. GateHub itself said it notified authorities and is set to release a statement once it completes an internal investigation.
This is notably not the first cryptocurrency-related security incident this week. As covered, the Komodo platform recently hacked itself for $13 million to move funds from unsafe wallets, before hackers could get to them. Komodo’s team is now allowing users to reclaim their funds.