Gatehub, the XRP wallet, hasn’t had a great 2019: it was hacked for 14.5 million XRP tokens in June and, according to a well-known security researcher, also had millions of user details stolen at the same time. Troy Hunt, the security researcher behind the Have I Been Pwned notification service, raised the alarm after being informed that details of 1.4 million users had been put up for sale on the dark web, and it seems the two incidents might have been related.
New breach: GateHub suffered a breach in June. 1.4M accounts subsequently appeared on a popular hacking forum and included email addresses, mnemonic phrases, wallet hashes and passwords stored as bcrypt hashes. 64% were already in @haveibeenpwned. More: https://t.co/1tAdd30NMF
— Have I Been Pwned (@haveibeenpwned) November 20, 2019
3.72 GB of User Data Stolen
Hunt’s email to affected users states that the hack took place in June this year, at the same time that $6m worth of XRP was stolen. The tranche of information includes email addresses, mnemonic phrases, wallet hashes, two-factor authentication keys, and passwords. Users will be slightly relieved to know that the passwords were cryptographically hashed with bcrypt, which is extremely hard to crack, although this will likely be scant consolation. As well as the Gatehub account details, 800,000 accounts on RuneScape bot provider EpicBot were also leaked, with the combined data haul coming in at 3.72 GB.
Gatehub Figures Out by 76x
Hunt puts the date of the breach as June 4, just two days before Gatehub issued notification that users had been reporting wallet hacks. It is likely, then, that the data breach took place in the days leading up to the hack, suggesting the two events were linked. It also suggests that Gatehub’s initial assessment of the June hack was far from complete: their official response claimed that 18,437 accounts had been targeted, when in fact the number is almost 76 times this. Anyone using Gatehub is advised to change their email address, password, and two-factor authentication details immediately.