Gatehub Crypto Wallet Data Breach Compromises Passwords of 1.4M Users

Published at: Nov. 20, 2019

A security researcher behind the data breach index site “Have I Been Pwned” said that password data and personal information of 2.2 million users of two websites have been dumped online.

On Nov. 19, Ars Technica reported that security researcher Troy Hunt confirmed that the compromised data belonged to accounts of cryptocurrency wallet, GateHub, and RuneScape bot provider EpicBot.

A total of 2.2 million accounts were breached

According to Hunt, the first haul included personal information for as many as 1.4 million user accounts from GateHub cryptocurrency wallet. The second contained data for about 800,000 user accounts on the self-proclaimed world’s safest all-in-one RuneScape bot provider, EpicBot. 

The stolen information reportedly includes registered email addresses, passwords, two-factor authentication keys, mnemonic phrases, and wallet hashes. GateHub officials said that the wallet hashes were not accessed, according to what an investigation had suggested.

It is not the first time Gatehub has to endure a data breach. In June, hackers were reportedly able to compromise around 100 XRP Ledger wallets, which resulted in nearly $10 million in stolen funds. 

Also in June, Gatehub warned that there was a phishing scam campaign targeting its cryptocurrency wallet users. According to the company, GateHub’s wallet users were receiving malicious emails from addresses that looked like they were from GateHub: “@gatehub.com” and “@gatehub.net.”

Cointelegraph contacted Gatehub regarding these latest developments but had yet to receive a response as of press time. This article will be updated if new comments come in.

Crypto under attack

As technology and security improve, hackers have gotten corresponding more creative with the scams and hacks they carry out. One of the more disastrous hacks in recent years was the Slovenian-based Bitcoin (BTC) mining marketplace, NiceHash. A hacker stole approximately 4,700 Bitcoin, worth about $64 million at the time of the hack in December 2017. The platform called the security breach a highly skilled and organized attack that was carried out with sophisticated social engineering.

Tags
Related Posts
How wallet platforms are taking on exchanges
One of the biggest trends in recent months has seen Bitcoin flow out of exchanges into wallets. Generally, this is interpreted as a bullish sign — indicating that investors are optimistic about further growth in cryptocurrency prices. But delve deeper, and there’s more to this than meets the eye. The crypto industry has grown immeasurably over recent years — making stars out of a number of exchanges. Platforms such as Binance and Coinbase now handle billions of dollars in trading volumes every day. With this come concerns that centralization is creeping in — and fears that major exchanges are becoming …
Blockchain / March 4, 2021
Coinomi Wallet Addresses Vulnerability Concerns
Coinomi Wallet denied recent claims that its software sends wallet recovery seed phrases to Google’s remote spell checker servers in plain (unencrypted) text. The company refuted the claims in an official statement published on Feb. 27. In the statement, Coinomi claims that, unlike what was reported, the seed phrase transmission was encrypted via SSL (HTTPS), with Google being the only recipient capable of decrypting the message. Coinomi notes that the phrase was only transmitted if the user chose to restore his wallet and only on the desktop version. Finally, Coinomi states that the spell-check requests sent to Google were not …
Blockchain / Feb. 27, 2019
What is a seed phrase and why is it important?
How to keep your seed phrase safe A crypto seed phrase in the wrong hands can do damage, so it is advisable to always ensure it is safe. The following are some tips for ensuring your seed phrase is secure. Never share your seed with anyone else: It’s extremely important that you never reveal your recovery phrase to anyone. Why? Because if someone else finds out your recovery phrase, they will be able to access — and therefore control — your crypto funds. Make a note of it on paper and keep it in a secure location: This is the …
Blockchain / Aug. 27, 2022
BitKeep remains on track to fully compensate victims of $8M APK exploit
According to an official Telegram statement on March 1, Singaporean cross-chain crypto wallet developer BitKeep says it has reimbursed 50% of user assets lost during a security breach stemming from Dec. 26, 2022. On the date of the incident, an estimated $8 million was stolen by hackers after BitKeep's APK 7.2.9 (Android Package Kit) installation package was hijacked and swapped. Users who downloaded the malware subsequently saw their private keys compromised, leading to the theft of assets. As told by BitKeep, a total of 6,731 verified addresses were breached during the incident. The firm has since completed reimbursing 50% of …
Blockchain / March 2, 2023
Expert Warns: Don’t Trust Ransomware Groups Amid Pandemic
A cybersecurity expert explained why he is convinced that the promises made by ransomware groups amid the pandemic are irrelevant. Brett Callow — threat analyst at cybersecurity firm Emsisoft — told Cointelegraph that multiple ransomware groups recently made promises to halt their activity against medical organizations amid the coronavirus pandemic. Still, he believes that those promises are irrelevant: “The claims of a ceasefire made by ransomware groups are irrelevant [and] should be completely disregarded. Would you leave your front door unlocked simply because the local burglars had pinky-promised not to rob you? Probably not. The story of the frog and …
Blockchain / April 16, 2020