1.4 million users of the GateHub cryptocurrency wallet have had their details leaked on the dark web, according to computer security researchers from Have I Been Pwned.
GateHub is a widely used wallet for multiple cryptocurrencies, including Bitcoin, Ripple, Ethereum, and Augur. It also features an integrated exchange function.
Information stolen during the breach, which occurred in June 2019, has only just started to surface online. The attackers supposedly gained access to a database that held valid access tokens for GateHub customers.
However, official statements from GateHub at the time indicated that a much smaller segment of its users had been affected in the breach.
GateHub claimed that 18,473 encrypted customer accounts were affected, which the company said was “a very small fraction of our total user base”.
One user was notified of the leak by Experian, whose IDNotify service scours the web to find leaked user data.
In a recent tweet, Aashish Koirala revealed that his credentials had been “compromised on the dark web”.
@troyhunt Just got word from Experian's IDNotify that my credentials for @GateHub were found compromised on the dark web. FYI in case you were getting any news about a GateHub breach or hack.
— Aashish Koirala (@aashishkoirala) November 14, 2019
Valuable data stolen
Hackers made off with basic user data from GateHub such as email addresses and passwords, but it’s believed that mnemonic phrases and wallet hashes were also stolen during the attack.
GateHub user passwords were hashed with bcrypt, a password-hashing function that is among the hardest protections to crack.
According to technology site Ars Technica, a hacker posted a huge 3.72 GB database of GateHub user information to a popular hacking site on the dark web, presumably to sell to other fraudsters. The hacker also claimed to have access to two-factor authentication keys.
The attackers have now proven that the significance of the data they made off with was much greater than GateHub officials previously believed.
How do hackers use this data?
Not all of the stolen data offers a complete way for hackers to access accounts. In addition, following a mandatory password change after the attack in June, it’s unlikely that attackers will be able to access GateHub user accounts. But despite this, the data is still valuable.
Attackers can use the lifted data for ‘credential stuffing attacks’, which use thousands of automated login requests built from the stolen credentials to force entry to other user accounts.
Likewise, many hackers rely on users having poor password security and using the same email and password combination for multiple accounts.