High risk alert! This thing should not be used anymore. Its vulnerability may have caused 23 million XRPs to be stolen.

Thomas Silkjær, Creative Director of 2K/DENMARK, outlined an "potential security breach" in GateHub that may have caused users to lose approximately 23 million XRP.

Screenshot 2019-05-07 Afternoon 3.12.24

GateHub is a wallet and gateway for secure storage/processing of XRP. In an article in Medium, Silkjær wrote that the vulnerability was discovered on June 1, when two wallets were trading about 201,000 XRPs.

Silkjær wrote:

“It turns out that stolen accounts are managed through Gatehub.net, and violating accounts (r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k) steal a lot of money from several other XRP accounts that are likely or have been managed through Gatehub.net.”

Silkjær mentioned that a total of 12 suspicious accounts may suffer financial losses in succession. On May 30, 2018, at 12:25 UTC, the first victim was stolen 10,000 XRP through a transaction.

Over time, so far, about 23,200,000 XRPs of more than 80-90 victims have been stolen by attackers. According to Silkjær, about 13 million stolen XRPs have been whitewashed through exchanges and other mixed-use services.


Yellow represents the exchange and account used to cash out. Blue represents the victim. Red represents 9 suspicious accounts. Note: Some victims may not have transferred funds through suspicious accounts, but instead sent the funds directly to the exchange. Image source: Thomas Silkjær

Silkjær mentions that there is no conclusive evidence pointing to the center of the attack. Attacks can occur in a variety of ways, including phishing, gatehub account hacking, and repeating current flags.

XRP community members warn users to temporarily opt out of using GateHub and maintain strict privacy when sharing private information.

/dev/null/products is an important member of the XRP ecosystem, and he wants to get a response from GateHub on twitter.

GateHub posted an official response to the XRP chat forum, acknowledging that there was a hack, but wasn't sure if it was caused by "GateHub's actions or negligence, which may have facilitated or allowed this apparent theft." The occurrence of behavior".

This response also mentions how an abundance of API calls from a small number of IP addresses can help an intruder obtain an encryption key. The intruder may start from here, but this still does not explain how the attacker obtained "other decryption keys." Necessary information needed."

In addition, GateHub's response also mentioned that about 58 XRP Ledger wallets were stolen, the investigation is currently underway and all information will be updated in the official response.