Stolen GateHub and EpicBot credentials spotted on hacking forum

Millions of credentials stolen from the GateHub cryptocurrency wallet service and gaming bot provider EpicBot were reportedly posted on popular hacking forum site RaidForums last month, along with other personal information.

Roughly 2.2 million accounts were affected – 1,408,078 of which belong to GateHub users, while 816,662 were created by EpicBot users, according to security researcher Troy Hunt, who has added the dumped data sets to his Have I Been Pwned? website.

London-based GateHub, whose service allows users to store, send and exchange Bitcoin, Ripple, Ethereum, Ethereum Classic and Augur cryptocurrencies, acknowledged last June in a company blog post that it had suffered a data breach in which a malicious actor infiltrated a database holding valid access tokens. However, the company said that only 18,473 accounts were potentially affected and only 103 XRP (Ripple) Ledger wallets suffered losses. These numbers pale in comparison to the 1.4 million accounts found posted on the hacking forum, which suggests a possible discrepancy.

On his website, Hunt said the compromised data set includes email addresses, mnemonic phrases, wallet hashes and passwords stored as bcrypt hashes. GateHub, however, reportedly disputes the existence of wallet hashes.

"We are aware of a database posted on RaidForums whose author claims that it belongs to GateHub. The alleged GateHub database is being thoroughly examined by our team; therefore, we are unable to confirm its authenticity at this time. We will make sure to keep you posted of any updates," said a member of the GateHub security team via email, according to a report by Ars Technica. "From what we have gathered so far, it does not contain wallet hashes. As mentioned before, we are still verifying its authenticity."

GateHub added that in response to the attack, the company in July 2019 re-encrypted all of its users' accounts and customers were forced to change their passwords.

Ars Technica reports that the stolen GateHub data was posted on RaidForums on Oct. 25, the very same day the lifted EpicBot data was posted on the same forum.

EpicBot, which offers bot programs that automate various player functions in the massively multiplayer online role-playing game RuneScape, suffered its breach in September.

Hunt said the exposed data in this case included usernames, email and IP addresses, and passwords stored as either salted MD5 or bcrypt hashes.

"EpicBot did not respond when contacted about the incident," said Hunt.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts and video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.
