GateHub Users Lose $9.7m to Hackers

Written by

Two cryptocurrency firms have come under attack over recent days with users of one, GateHub, suffering losses estimated at nearly $9.7m.

The cryptocurrency wallet service provider sounded the alarm in a statement on Thursday, claiming an investigation had been started after around 100 XRP Ledger wallets were compromised. The firm urged users to transfer their funds from these to a hosted wallet.

An XRP security community revealed in a separate post that, as of Wednesday, 23.2m XRP (Ripple) coins had been stolen, of which 13.1m had already been laundered.

However, the cause of the attack remains a mystery.

“API requests to the victim’s accounts were all authorized with a valid access token. There were no suspicious logins detected, nor there were any signs of brute forcing. We have however detected an increased amount of API calls (with valid access tokens) coming from a small number of IP addresses which might be how the perpetrator gained access to encrypted secret keys,” said GateHub.

“That, however, still doesn’t explain how the perpetrator was able to gain other required information needed to decrypt the secret keys. All access tokens were disabled on June 1 after which the suspicious API calls were stopped.”

The news comes as a separate digital currency platform managed to prevent a major theft of currency with some quick thinking.

Blockchain startup Komodo revealed it discovered an attack targeting its Agama wallet application. Hackers had uploaded malware to a supply chain provider’s software designed to steal cryptocurrency wallet seeds and other login passphrases.

“After discovering the vulnerability, our cybersecurity team used the same exploit to gain control of a lot of affected seeds and secure the funds at risk,” Komodo said. “We were able to sweep around 8m KMD ($12.5m) and 96 BTC ($765K) from these vulnerable wallets, which otherwise would have been easy pickings for the attacker.”

What’s hot on Infosecurity Magazine?