A security expert has reported that personal data and passwords belonging to users of the GateHub crypto wallet – which makes use of the XRP Ledger protocol – have been dumped onto a hacking community website.
Per media outlet Ars Technica and Tony Hunt of the Have I Been Pwned website, the security breach took place in October this year, with 1,408,078 wallets said to have been compromised. In a separate dump, data belonging to some 800,000 RuneScape bot provider EpicBot account holders has also reportedly been compromised.
The same media outlet stated that databases in question “include registered email addresses and passwords that were cryptographically hashed with bcrypt, a function that is among the hardest to crack.”
The poster of the 3.72 Gb dump said that two-factor authentication keys, mnemonic phrases and wallet hashes are also among the data made available in the dump. The information was leaked on what Have I Been Pwned described as a “popular hacking forum.”
A Twitter user alerted Hunt on November 15, stating that his GateHub credentials had been “found compromised on the dark web.”
@troyhunt Just got word from Experian's IDNotify that my credentials for @GateHub were found compromised on the dar… https://t.co/Gt7XuwduzE— Aashish Koirala (@aashishkoirala)
Gatehub experienced a separate data breach in June this year, when hackers allegedly broke into 100 XRP Ledger wallets, making off with an estimated USD 10 million worth of cryptocurrency.
The wallet provider also issued a warning earlier this year about a phishing attack made using emails made from convincing-looking domain names such as “gatehub.com.”