Hackers have stolen 23.2 million Ripple coins (XRP), worth around $9.5 million, from the GateHub cryptocurrency wallet service users.
The company confirmed about the breach in a statement posted on their website. The users fund has been drained from the GateHub wallets and the company believes that the attacker abused its API to perform the attacks, although it is not sure how it is done.
The company stated that they have detected an increased amount of API calls (with valid access tokens) coming from a small number of IP addresses which might be how the criminal gained access to encrypted secret keys.
Still it is unsure how the criminal was able to gain the required information needed to decrypt the secret keys. The staffs are investigating regarding the incident.
It was after disabling all the access tokens on June 1st that the suspicious API calls were stopped.
According to a report published by XRP Forensics which is a group of XRP community members working to prevent and counter scams on the XRP Ledger, more details about the thefts, like the history of suspicious transactions and 12 of the XRP addresses to which the hacker collected the stolen funds were included.
Thomas Silkjær, a member of the XRP Forensics team stated that it is estimated that around 23,200,000 XRP has been stolen from 80-90 victims, of which 13,100,000 XRP have already been laundered through exchanges and mixer services.
However, he couldn’t determine the method through which hackers stole the XRP funds from GateHub accounts.
GateHub had notified law enforcement and promised to post an official statement once the internal investigation is done.