GateHub, a popular cryptocurrency wallet provider and asset custodian, has been hit by a hack that exposed the personal data of millions of customers. According to a report from tech news outlet Ars Technica, Troy Hunt, the security researcher who helped develop popular cybersecurity index site “Have I Been Pwned,” claimed that EpicBot, a bot provider that serves both GateHub and online game RuneScape, had been hacked, with the personal details of about 2.2 million users on the platform dumped on a popular hacker site back in August.
The GateHub data breach is bigger than previously thought.
2.2 million users breached – one a crypto wallet and the other a gaming bot.
2FA, emails, passwords, hashed recovery keys, encrypted XRP ledger wallets secret keys, first names, last names https://t.co/UASp6iZFrv
— Mike McCarthy (@MikeNerdUK) November 20, 2019
A Treasure Trove of Information
Per the report, Hunt confirmed that the attack was split into two parts: the first, which led to the details of 1.4 million people being leaked, and a second that contained data of about 800,000 other user accounts. Ars Technica estimated that the entire loot contained about 3.7 GB worth of information, with data sets including email addresses, passwords, wallet hashes, two-factor authentication keys, and mnemonic phrases.
However, a further investigation from GateHub saw officials deny the claims that wallet hashes were part of the loot. As the officials noted, the absence of wallet hashes means that while personal data of millions of customers were compromised, no private keys were exposed directly.
Hackers Hit GateHub in June
This isn’t the first time that GateHub has suffered a security breach this year. On June 6, the company published an announcement in which it stated that hackers were able to break into about 100 XRP Ledger wallets.
In the statement, the company claimed that it was notified by some of its customers that some of their funds had been stolen. While it was unable to identify any suspicious activity on its platform immediately, it investigated the complaints nonetheless, and found that a few IP addresses had been making application programming interface (API) calls. The company further surmised that this was where the hackers were able to gain access to encrypted access keys.
1.4 million usernames, wallet hashes, and password hashes have now been dumped by the Gatehub hackers.
— Ray [REDACTED] (@RayRedacted) November 20, 2019
At the time, Thomas Silkjær, one of the people who warned the company about the breach, revealed in a separate report that an account managed through Gatehub.net had stolen hundreds of thousands of XRP tokens from several other accounts.
He went on to state that as of June 5, approximately 23,200,000 XRP (about $9.5 million at the time) had been stolen from between 80 and 90 victims, adding that about 13,100,000 XRP ($5.37 million) had already been laundered across several other exchanges and cryptocurrency tumblers.