Security Breach

This week, wallet provider GateHub announced that approximately 100 XRP wallets have been compromised, resulting in a theft of over 23 million XRP, currently worth over $9.5 million at the time of writing!

The announcement stated that owners of the compromised wallets have received an email about the situation and the necessary authorities and specialists have been contacted to help resolve the matter.

“Here are a couple of findings so far. API requests to the victim’s accounts were all authorized with a valid access token. There were no suspicious logins detected, nor there were any signs of brute forcing.

We have however detected an increased amount of API calls (with valid access tokens) coming from a small number of IP addresses which might be how the perpetrator gained access to encrypted secret keys.” – GateHub Preliminary Statement

CTS Newsletter Signup Banner

What Happened?

GateHub has been operating for years. Prior to 2017, it was one of the only platforms for XRP holders to easily store their funds. Now users want answers and are wondering if they will be compensated. Interestingly, some members of the community have already begun to connect the dots…

Thomas Silkjær of XRP Forensics warned about the security breach and came up with interesting findings in a report published on June 5th.

After noticing a large transaction on the XRP ledger of 201,000 XRP, Silkjær dug deeper and identified large transactions from GateHub-managed wallets, with up to 12 suspected accounts identified as receivers of the stolen funds.

On June 1 we were made aware of a theft of 201,000 XRP (transaction F6E9E1385E11649A6C2F88723A821AF209B54030886539DCEF9DDD00E6446948) and immediately started investigation. It turned out that the account robbed was managed through, and that the offending account (r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k) had stolen substantial amounts from several other XRP accounts, likely to be or have been managed through” GateHub Hack Analysis by Silkjær

At the time of writing, wallet r9do2Ar8k64NxgLD6oJoywaxQhUS57Ck8k has over 3 million XRP and has had zero activity in the last four days since the theft, but this could change at any moment.

Over half of the stolen XRP has already begun trickling into other exchanges and transaction mixing platforms.


Yellow dots: exchanges and accounts used to withdraw; blue dots: victims; larger red dots: suspect accounts. Source:

Some of the scenarios considered in the report include bad migration of users’ accounts to updated systems, phishing attacks, or exploits in the GateHub API.

With no official explanation as to the cause of the incident, the report states that the most likely scenario (based on what information is already available) is a breach of data. is a hosted Web wallet that stores the private and public keys of its users, acting as an interface to the XRP ledger.

Alongside GateHub, with the incidents surrounding Cryptopia, Bithumb, QuadrigaCX, and leading exchange Binance still in recent memory, it’s critical to store your digital assets securely. I recently published an easy-to-understand guide on storing cryptocurrencies and critical steps you can take to be safe online.

This is not investment advice; please always do thorough research and only invest what you are willing to lose, especially in times of uncertainty.

CTS Newsletter Signup Banner