According to the announcement, GateHub’s wallet users are being sent malicious emails from addresses that look like they are from GateHub: “@gatehub.com” and “@gatehub.net.”
The emails instruct the users to transfer their funds to a “secure” wallet, which is owned by the attacker, because their private keys are allegedly compromised due to insufficient security precautions.
GateHub notes that, in addition to the attack being an unaffiliated phishing attempt, the service provider never issues private keys via email. GateHub also published a timeline of its correspondences to customers, so that they can verify whether emails received from GateHub are genuine.
As previously reported by Cointelegraph, GateHub is estimated to have lost almost $10 million from its XRP wallets via an attack discovered at the beginning of June. The attack reportedly affected around 100 wallet holders with about 23.2 million XRP combined.
According to a report by a community member who investigated the attack, Thomas Silkjaer, the aforementioned theft does not appear to be the result of phishing attempts. While Silkjaer was not able to reach a definitive conclusion on what mechanism enabled the multimillion dollar theft, incremental nonces and old database leaks are mentioned as possibilities.
GateHub has since initiated an investigation regarding the possible cause of the hack and has advised several security measures users should take in order to secure their assets.