GateHub, a cryptocurrency wallet provider, recently reported that around 100 XRP Ledger wallets were compromised. Reports indicate that over 23 million Ripple coins were stolen (approx. $9.5 million in value) and redirected to various exchanges, where the hackers could presumably convert the coins. Upon the discovery, GateHub contacted its users by email and calls with an immediate action step needed for protection: transfer Ripple wallet balances to a hosted account.
Why a hosted wallet? In a follow-up statement, GateHub explained:
"Our XRP Ledger Wallets are protected with secret keys kept in an encrypted state. GateHub does not have access to users' native RCL wallets and we do not know your encrypted passwords. We cannot move or withdraw assets on your behalf. Only you can do this. Customers who previously received an individual warning e-mail from GateHub and thereafter did not move their funds to their hosted wallets are still at risk of having funds stolen by this thief."
GateHub's follow up statement shows that not all users have taken the steps to protect themselves, and they still don't have their arms wrapped upon the situation. GateHub and XRP Forensics (XRP community-based research group) indicate that the hacker initiated the attack with a valid access token through the GateHub API. What is unknown is how the hacker obtained the access token. GateHub explained the remaining unknown:
"That, however, still doesn't explain how the perpetrator was able to gain other required information needed to decrypt the secret keys."
GateHub continues to investigate the attack and has involved law enforcement. The exchanges to where the coins were directed have also been contacted and ordered to freeze and retrieve customer assets. GateHub also suggests that customers potentially affected reach out to the exchanges and ask that their accounts be frozen, and work with law enforcement in their area.
Regarding the next steps, GateHub is taking additional measures to safeguard all of its wallets. Soon, it will re-generate customer encryption keys and disable the existing XRP secret keys. The new keys will prevent further access under this existing attack. The hack showcases some of the double-edged sword that is cryptocurrency networks. The peer-level security that makes large hacks difficult disallows the service provider to take mass action to remediate on behalf of customers. For the time being, GateHub must rely on customers for self-help to some extent.