Our users are being targeted with phishing emails sent from spoofed email addresses: the sender address is forged so that the email appears to come from GateHub, e.g. from an @gatehub.net address such as support@gatehub.net, security@gatehub.net or similar.
Phishing emails look as if they were sent by GateHub, but they were in fact sent by the attacker. The emails are malicious and did not come from GateHub.
Emails instruct users to:
- reset their passwords under the pretext that their password has expired, or
- move their funds to a new hosted wallet supposedly created by GateHub when in fact created by the perpetrator, or
- import their XRPL wallet to "Ripple account viewer" supposedly created by GateHub when in fact created by the perpetrator, or
- send some of their account information like wallet balances or old recovery keys in order to avoid getting their accounts disabled, or
- activate their accounts by clicking the provided link in order to avoid being locked. The link leads to a fraudulent site resembling GateHub's, where the user is invited to enter their GateHub account credentials, which enables the attacker to access the user's account and funds, or
- whitelist their XRPL wallets for the distribution of the free XRP as part of the Incentive Plan and the Community Support Program.
Be advised
- GateHub WILL NOT create new XRP wallets on behalf of any user. Do not transfer any funds to the unknown address provided in the received emails.
- Never click a password reset link if you haven't requested one. In case you have requested a password reset, please double-check that the address in the URL bar matches the https://gatehub.net domain.
- Always check the email origin, especially if you find the email suspicious. If you cannot verify the origin of the received email, please refer to the customer correspondence timeline.
- Please note that GateHub will never send sensitive information such as XRP wallet secret keys over email.
What you should do if you receive a suspicious email:
- Ignore the instructions in the email.
- Forward the email to security@gatehub.net.
We strongly advise against saving your sensitive information in your email or any other online storage.
Please see also:
Anti-phishing email security precaution
ATTENTION: Potentially fraudulent sites
Customer correspondence timeline
Examples of the phishing email
The emails invite users to whitelist their wallet addresses to receive free XRP.
The email urges users to activate their accounts by clicking the provided link.
Email instructing users to import their XRPL wallets to the newly created "Ripple account viewer".
Email instructing users to send some of their account information like wallet balances or old recovery keys in order to avoid getting their accounts disabled.
The email urges users to activate their accounts by clicking the provided link in order to avoid getting locked.
Email instructing users to move their funds to a new hosted wallet created by GateHub.
Email instructing users to reset their passwords under the pretext that their password has expired.
Subject: GateHub, Ripple and the Community Incentive Initiative Program / Ripple's announcement in official partnership with GateHub (reported in July 2020)
The emails invite users to whitelist their wallet addresses in order to receive free XRP as part of the so-called Incentive Plan and the Community Support Program. By clicking on "Join the Whitelist", users are redirected to the fraudulent site imitating Ripple, where they have to provide account or wallet credentials which enables the attacker to access the user's account and funds.
Example 1 of the content in the email:
Example 2 of the content in the email:
Subject: Your account has been temporarily suspended (reported in March 2020)
The email urges users to activate their accounts by clicking the provided link. The link leads to a fraudulent site resembling GateHub's, where the user is invited to enter their GateHub account credentials, which enables the attacker to access the user's account and funds.
Example of the content in the email:
Dear Customer,
A couple of hours ago we discovered that someone leaked a list of email addresses and passwords on Twitter, claiming the infromation could be used to log in to GateHub accounts. While almost all of the email addresses listed do not belong to GateHub accounts, we are forcing a password reset on any email addresses listed that do have an account with us, including yours.
You will need to login again using the link below to active your account.
Activate account
Note: Always use unique, strong passwords for your GateHub account and never use the same password twice. Do not reuse your passwords on other accounts, such as your personal email account. GateHub staff will never ask you for your password.
Contact
If you have any questions please contact us by visiting http://support.gatehub.net.
We will be more than happy to assist you.
Sincerely,
GateHub Team
Subject: GateHub Security update (reported in February 2020)
Email instructing users to import their XRPL wallets to the newly created "Ripple account viewer" supposedly created by GateHub or create a new wallet on "Ripple account viewer" and transfer their XRP to that wallet. The mentioned light wallet and internet site "Ripple account viewer" are fraudulent and were not created by GateHub.
Subject: Important information regarding your GateHub account (reported in December 2019)
Email instructing users to send some of their account information like wallet balances or old recovery keys in order to avoid getting their accounts disabled. Do not send any of this information to the mentioned emails.
Example 1 of the content in the email
Example 2 of the content in the email
Subject: Account activity state / Account status update (reported in September 2019)
The email urges users to activate their accounts by clicking the provided link in order to avoid getting locked. The link leads to a fraudulent site resembling GateHub's, where the user is invited to enter their GateHub account credentials, which enables the attacker to access the user's account and funds.
Subject: Critical Security Warning / Action Required - New Secured Wallets (reported in July 2019)
Email instructing users to move their funds to a new hosted wallet created by GateHub. This is, in fact, an XRP wallet created by the attacker and IT IS NOT SAFE! Do not transfer any funds to the address provided in this email.
IMPORTANT: note the warning banner stating that the email was not verified by GateHub Limited.
Example of the content in the email
Subject: Password reset request (reported in July 2019)
Email instructing users to reset their passwords under the pretext that their password has expired.
Never click a password reset link if you haven't requested one. In case you have requested a password reset, please double-check that the address in the URL bar matches the https://gatehub.net domain. If you cannot verify the origin of the received email, please refer to the customer correspondence timeline.
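
The two checks this page asks for (the email's origin, and whether a link really points at the gatehub.net domain) can be automated; the following is an added Python example, not GateHub's own code. It assumes your receiving mail server records its verdict in an Authentication-Results header under the authserv-id mx.example.org; that name, the function names and the sample message are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

BRAND = "gatehub.net"                # domain named on this page
TRUSTED_AUTHSERV = "mx.example.org"  # assumption: authserv-id of your own mail server

def is_brand_host(host):
    """True only for gatehub.net itself or a genuine subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == BRAND or host.endswith("." + BRAND)

def dmarc_result(msg):
    """dmarc= verdict from the trusted server's Authentication-Results, else None."""
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # not written by our server, may be attacker-supplied
        m = re.search(r"\bdmarc=(\w+)", results)
        if m:
            return m.group(1).lower()
    return None

def assess(raw):
    """Return a list of findings for one raw single-part text message."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    urls = re.findall(r"https?://[^\s\"'<>]+", msg.get_payload())
    findings = []
    if is_brand_host(from_domain) and dmarc_result(msg) != "pass":
        findings.append("From claims gatehub.net but DMARC did not pass")
    for host in sorted({urlparse(u).hostname or "" for u in urls}):
        if not is_brand_host(host):
            findings.append("link leaves gatehub.net: " + host)
    return findings

# Constructed sample (not a real message): forged From, lookalike link,
# plus a forged Authentication-Results line that must be ignored.
SPOOFED = """\
From: GateHub Team <support@gatehub.net>
Subject: Your account has been temporarily suspended
Authentication-Results: sender.example.net; dmarc=pass header.from=gatehub.net
Authentication-Results: mx.example.org; spf=fail; dmarc=fail header.from=gatehub.net

Activate account: https://gatehub.net.login.example.net/activate
"""

if __name__ == "__main__":
    print("\n".join(assess(SPOOFED)))
```

An empty result only means these two checks passed; a message that asks for secret keys or a transfer of funds is still to be treated as described above.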