Gatehub How Do You Know if Your Gateway Is Connected

GateHub, the cryptocurrency wallet to stay abroad from!

TL;DR (Summary)

• My account rest disappeared, a substantial corporeality of my crypto stolen.
• The thief stole 9.25 ETH and 17,917 XRP. Who knows where this can go one day, to the moon!
• I am convinced GateHub was hacked (or a arrangement glitch) and my wallet was compromised and accessed on GateHub'south side. Yet they decide to arraign me.
• GateHub security is extremely poor (example) and their customer service is awful (and here).
• GateHub does not flinch an eye to endeavour to help discover missing funds or investigate the breach (see below).
• I did not accept 2FA enabled, yet my password is very stiff and 12 characters long; not used anywhere else bar my password manager.
• I am 100% certain my devices were not compromised, and I was non a victim of a phishing attack. I did not click on any weird GateHub url, and had the correct one bookmarked. FYI – there fake GateHub websites going around some time agone and I merely noticed they didn't even bother to Weblog well-nigh it or send their customers email notifications.
• Historically GateHub sent me an e-mail every time I logged in — regardless if it was from a known IP or device. I also got an email on the day the thief accessed my wallet. GateHub still immune access with the thief'south IP address even though I did not "Allow Access" every bit requested past GateHub's email, and I know for a fact my email was not hacked / compromised (see below prototype 1 for email). So why did GateHub allow access to my wallet from an unknown IP address without my approval?
• I traced my funds, see this post **.
• Do not employ GateHub. Something suspicious is going on, read below.
• I am not the only one. I know of other customers that lost 20,100, 62,500, 330,000 and 700,000 XRP to GateHub.
• I have tremendous respect for Ripple (I would not have bought XRP if I didn't, and I know a few Ripple employees personally) and to be clear, this is non about them — it's about the bad practices of GateHub.

** Update (14 Dec): I know where my funds went, and no i can help me! The thief is however active and operating on the known platforms we know and dearest, Changelly, Poloniex and no doubt GateHub.

** Update (3 Jan): I just noticed in my business relationship that the transactions history .csv download choice renders an empty account statement… I downloaded a 'statement' earlier and I can see the history on-screen — and so I am OK — but in that location is now no mode you can download your transaction history. Something is seriously going on here!

Image 1

Lessons Learned

• Individuals/Investors/Corporates: 1. Ensure you security is rock hard and store your crypto offline in a hardware wallet. 2. Use 2FA. three. Trust no one.
• Wallet Providers and Exchanges: 1. Know your risks. 2. Realise one affair, this crypto business concern is non some website or traditional software projection. You are dealing with people'due south difficult earned money and investments. 3. Act like it and ensure your cyber security is hardened and business controls solid. iv. Call on experts if yous demand help, spend the coin and do it properly. five. Look at traditional financial services providers and learn from them in terms of security, customers service and treatment. 6. The regulators are coming, yous won't become away with this for long.

My Story

I accessed my wallet on nineteen Sept 2017 at c.17:twoscore BST and realised my cryptocurrency is missing. Yes, GONE! But simply not in my wallet.

I wondered immediately have I logged into the wrong account (I have ii). I logged out, logged into the other ane, and realise yes, my business relationship balance is truly not at that place. Beingness an accountant, turned auditor, turned take chances and regulatory specialist, you naturally are conscious of the big-bad earth of cyber gamble and take controls (even in your personal life, sadly!) to ensure your assets and investments are safety, safeguarded and independently verifiable in the offline world. Equally nosotros know in the world of crypto, there are no paper bank statements in the post, and so I referred to my records in case I fabricated a late night trade and forgot about it. Merely yes, my expected crypto residue is not reflected in my wallet.

Get-go affair that goes through your mind, HACKED! So I check my devices for any unusual activity, thinking back could there have been an instance somebody got a hold of my credentials, also running through every possibility I can think of in my head, phishing, etc. Zippo suspicious or adverse presents itself. My countersign is strong, 12 characters long made up of upper case and lower instance, letters, numbers and symbols. The only other identify I use the password is for my countersign director. In case you wondering, no, I did not have 2FA setup, but then with a strong countersign it is irrelevant really. Besides up until that solar day GateHub sent me an email every time I logged in from any device, which strangely they stopped doing now!.

Adjacent up, I log in to my GateHub wallet, and download a statement. I could conspicuously see there were ii unknown transactions, both on 19 Sept 2017 (15:08 BST).

The get-go transaction sells/exchanges all my ether (ix.25 ETH/Ethereum) I owned for XRP (Ripple).

The 2nd and last transaction and then transfers all the XRP (32,000) to an unknown address (rHdNRDdqB1hSEHmPvCdnJvLU7W7oQsBGVq) leaving me with a beggarly 46.32 XRP.

I did non recognise these transactions which immediately put me onto my next action, I contacted GateHub Support for answers and of class restitution.

I contacted GateHub Support on nineteen Sept.

GateHub Back up reverted on 20 Sept. A cat and mouse game ensued with their first response being:

Nosotros suggest you to run our platform on Google Chrome browser, equally information technology is optimised for it. This should set your issue with wallet residue.

So I checked, and still no rest (I was on Chrome anyway). I went back to them the same twenty-four hour period and they directed me to the Ripple XRP Charts website. Conspicuously this didn't accost my missing balance. So again, I went back to them on email and asked, where-are-my-coins?!

They decided to only get back to me on 25 Sept, a whole v days afterwards despite me chasing them everyday via email and Twitter. Keep in heed when yous look at their social network handles/accounts the nearly pertinent items on in that location are customers lament most their awful client service.

Equally most of us crypto fanatics know, in the crypto world time is money! Only I digress. This is when they ask me: i) What wallet is affected (WTF?!), ii) Was that an unauthorised transaction? iii) Could you lot provide us with TX Hash? So I responded to all questions, and made information technology clear my respond to (two) is non unauthorised, but unknown! It is then where inside seven mins of me providing this information, that they promptly come dorsum with this well crafted response…

We must inform y'all that due to irreversibility of the ripple transactions, we unfortunately can't refund your losses.

Please consider contacting your local constabulary enforcement authorities.

Of import! We strongly suggest you to take the following measures to better the security of your GateHub business relationship:

ane) Make certain to enable the 2FA for all your GateHub accounts:
More information available here.
Please consider enabling 2FA for the email that account you are using as GateHub login accost. Contact email service provider for assistance.

ii) Reset your login passphrase:
(you will have to utilise the recovery key, which was generated during the registration procedure at gatehub.internet)
Make certain to generate a long, unique passphrase which has never been and never will be used anywhere except at gatehub.net. Proceed it rubber and never disclose information technology anywhere!

3) Delete the wallets that were used for unauthorised transactions every bit they may take been compromised:
Earlier you delete said wallets, make sure to create new ones which will supplant the deleted ones and transfer the funds to newly created wallets. More information bachelor here.

As mentioned above, we strongly advise you to choose a unique passphrase specifically for GateHub only. Keep it rubber.

4) Access log is available in wallet settings, security sub-tab. More information available here.

five) Bookmark GateHub.cyberspace to avoid Google Advertising phishing site frauds.

Follow this thread for contempo security updates.

Additionally, we kindly ask you for your cooperation to help us improve the security of GateHub and ripple network. Please answer the questions below.

a) have you ever received whatever suspicious emails that were emulating the email from GateHub and request for any kind of personal data related to your GateHub account? If then, delight forward it to security@gatehub.net

In futurity, note that we merely employ the xxxx@gatehub.NET domain, be wary of others. We never ask for whatsoever kind of personal information (e.g. login passwords, etc.) via email. Delight keep that in mind for future reference.
On the same annotation, please make sure to always keep your personal data safe and secure.

b) Have you ever used or are even so using any other gateways besides GateHub and Ripple trade, or any other ripple network clients using the same ripple secrets?

c) Take you ever used the aforementioned login countersign on a website other than gatehub.net?

d) Did you lot take 2FA enabled for your account at the fourth dimension of the unauthorised transaction?

If you have answered positively to the questions above we urge yous to change your login countersign and enable 2-step verification.

Every bit I said, a cat and mouse game then connected (I laid out a twenty-four hours-by-day program of my intended actions) and I continuously asked where are my funds, and they continuously responded with the same line:

We advise yous to report the unauthorised transaction(s) to police.

Nosotros are willing to cooperate in the investigation.

Please obtain a legal request, then that nosotros can share required information equally per our Privacy Policy (bachelor here).

So that is where we are. My crypto nevertheless non in my wallet, and they blame me. Taking cipher accountability or responsibleness — not even offering an investigation into my loss — and worst of all are adamant that I written report the affair to the police.

I got to work trying to figure out why did they a) have such a well crafted 'standard' email, b) responded and so rapidly, and c) who is behind GateHub.

I started digging around online and found various instances where they told users to watch out for phishing scammers. Let me be clear: I was not a victim of this, as I have their correct url bookmarked and are very well aware of these risks.

I likewise launched a full blown shit-posting on Twitter to shame them and besides to run across if anyone else were affected. Low and behold, there were other individuals (welcome to get through my history).

All suddenly this post appears on their Web log on 28 Sept…

In early Baronial 2017, GateHub discovered that a criminal had exploited a flaw in an auxiliary eolith processing service, resulting in a net loss of $5 1000000. This represents a small fraction of GateHub's full volume, the overwhelming majority of which is held in secure offline cold storage.

We would similar to assure all GateHub customers that their funds are safe and no customer information has been compromised. Customer balances were not affected and all transactions will be honored in full.

GateHub's shareholders, non its customers, absorbed this loss.

Complete bullshit. Funds are safe? Customer balances not afflicted? Honoured in full? Customers did not absorbed the loss? There is / was obviously a clear flaw or vulnerability somewhere in their infrastructure…

I dug farther and found they operate from the capital of Slovenia and accept a virtual office in Hatton Gardens, London, and their Uk legal entity is GateHub Limited. Their statutory annual accounts are overdue! At the time of writing this by ii+ months.

I also establish they decided to strike off the company dated 31 Oct. This means they are closing downward the legal entity. Why you ask…?? All of the UK Companies Firm documents can be plant hither.

The directors and shareholders are quite surprising, the most notable names being:

George Frost
Greg Kidd
Chris Larsen
Nejc Kodric
Damijan Merlek

I bet yous these esteemed respected gentlemen are / will not be happy with the actions of the poorly qualified individual at the helm of GateHub, Enej Pungercar and co-founder Anzej Simicak.

I also searched the FCA's annals to see if they are registered every bit an exchange or something else, but found zero results. Clearly against good practice, and perhaps illegal.

Yous ask how I got to hear from GateHub, and why I used them? In Apr 2017 I saw them mentioned on the Ripple website and I idea, surely a company similar Ripple volition non just list any wallet provider on their website…well, I was incorrect!

I also saw this on their website, and idea all good!

And so, what I take I done then far, bar writing this stropagram.

• I reported GateHub to the FCA, SEC and United kingdom of great britain and northern ireland Fraud Office.
• Contacted George Frost (establish his telephone number on the internet). He listened to my effect and asked to e-mail him equally he'd similar to hear more. See beneath. This went nowhere!
• Told as many people every bit I could, and go on to do so on Twitter and other crypto online publications.
• Tracing my funds on my own.
• Nonetheless keeping organized religion my crypto will be returned…

UPDATE 1:

I decided to remove the communication between George Frost and I. Simply for the record — this conversation went nowhere and they completely denied any wrong doing.

UPDATE ii:

I noticed the Companies House posted on their website on 11 November the strike off action has been discontinued, with a document to follow. That either means GateHub retracted their request to dissolve (close) the visitor, or creditors or someone else with a vested involvement objected to closing the company, either until liabilities have been settled or something else falls in place — or not at all and GateHub will continue to trade. Details to follow…

UPDATE three:

I recently noticed the other directors of GateHub are founders and shareholders of Bitstamp. Here is an interesting article virtually Bitstamp from July 2015 when they got hacked and lost c.xix,000 BTC (eye watering USD 209m at a BTC = USD 11k).

UPDATE iv: I accept since established my ETH was sold for XRP and then all XRP drained, equally opposed to previously thought where all ETH was drained (transaction a), and a separate transaction transferring XRP I did not own into my account (transaction b) before draining all XRP from my account including my ain (transaction c). Disclosure: this mail service was edited to this upshot.

I accept done my own investigation, details to follow.

Telephone call TO ACTION:

If you take been afflicted by something like by GateHub, please postal service below or go far touch. I'd love to hear from you.

Hopefully we tin can collectively take back what is ours, as well every bit warn those who want to exercise business with these scammers who clearly has no due care and respect when it comes to customer funds.

Before you go…

If yous enjoyed this post, please consider showing your support by clicking on the clapping hands push button, every bit well as sharing information technology on your favourite social networks. Don't hesitate to follow me on Medium, Twitter or LinkedIn to stay continued.

bestgunfoop.blogspot.com

Source: https://medium.com/@rhjvr/gatehub-the-cryptocurrency-wallet-to-stay-away-from-3d483e8440bf

Share this post