The cryptocurrency wallet service GateHub was hit by a cyber heist that netted 23.2 million Ripple coins (XRP), worth nearly $9.5 million.
The incident is still under investigation, but researchers at the firm believe the hacker abused its API to carry out the attacks, albeit it is unsure how.
“We have however detected an increased amount of API calls (with valid access tokens) coming from a small number of IP addresses which might be how the perpetrator gained access to encrypted secret keys,” the company said in a June 6 release.
“That, however, still doesn’t explain how the perpetrator was able to gain other required information needed to decrypt the secret keys.”
Researchers at XRP Forensics were made aware of the theft on June 1 and found the cryptocurrency was stolen via GateHub and immediately contacted the firm to alert them to the issue, according to a June 5 blog post.
While they couldnt’ conclude exactly how the attack took place, researchers considered the attack may have been the result of account hacks, phishing, repeating nonce, and incremental nonces, RippleTrade migration, browser client hacking, or old database leak.