By CCN.com: Gatehub Founder and CEO Enej Pungercar wrote a public letter disclosing that the company’s infrastructure had been compromised and at least 100 wallets were likely affected. The letter explains that an exploit was located in the company’s API, which enabled certain wallets to be affected. Users were urged to get their money off of Gatehub and into other XRP wallets while the issue was investigated.
Most cryptocurrencies have some form of a web wallet. For some, like Monero and Ethereum, web wallets represent a large portion of users. Maintaining a full node of either software is a labor-intensive process. Most people prefer to simply log in, do business, and log out.
The same, of course, holds for XRP. Gatehub is one of several services that enable people to quickly create XRP wallets. Accordingly, a good number of these wallets were recently compromised.
“API requests to the victim’s accounts were all authorized with a valid access token. There were no suspicious logins detected, nor there were any signs of brute forcing. […] We have however detected an increased amount of API calls (with valid access tokens) coming from a small number of IP addresses which might be how the perpetrator gained access to encrypted secret keys.”
Gatehub is reportedly still working to figure out what happened and whether their system remains at risk. Working with law enforcement and security professionals, the firm hopes to get things back to normal soon.
Will people still trust them? It’s a big question in this space, and you never know what will happen.
Their transparency when an issue arose might be admirable, but what’s the next thing that will happen?
This is the way people will view the situation.
This will likely be the case, at least for a while, as the consideration of the hack is hard to ignore. What if the hackers had been planning a more massive attack but wanted to figure out how loud their activities would be? Was there something special about the vulnerable XRP wallets? These details haven’t been made public yet. The Ripple wallet service provider says they’re still figuring all that stuff out.
To use any crypto safely, it’s best if you operate in an environment where only you control your private key. When this is the case, you don’t have to worry about unauthorized transactions being called up by API. You don’t have to worry about suddenly losing access to your funds because someone else in the service got hacked. You always have access to your funds.
You don’t necessarily have to run a full node to do so. Many wallets allow you to own your private key while still not having to run a full implementation.
Last modified: July 2, 2020 7:26 PM UTC