Related Stories:
Dax Lucas of the Inquirer 15 shared insider information about the attempted hack on GCash users that amounted to about Php37USD 0.63INR 53EUR 0.60CNY 5 million.
Based on the actions, media advisories, and TV interviews made by GCash, the story seemed plausible. Here’s our theory on how the attempt could have transpired.
1) The culprit (could be a group) has planned this for some time. They already have two bank accounts (East West Bank and Asia United Bank) on standby to receive the funds from multiple GCash transfers. Reports from TV Patrol totaled more than 300 complaints by 11am this morning.
2) Perpetrators routinely collect login information from random and unsuspecting GCash users using several phishing vectors — could be via email, SMS or social media. This usually happens when someone is fooled into clicking a link to manage their bank account, or in this case GCash.
The original deadline for the SIM Registration last April 26, 2023 could have added to the urgency and confusion, making people click on links that pertain to their SIM or to their GCash account. There were rounds of multiple posts on Facebook urging people to cash out their GCash funds or else they will not be able to access it after the deadline of the SIM Registration.
3) Instead of accessing and transferring compromised GCash accounts individually as they go, the culprits had the patience to simply collect all the accounts and wait for the right time to do everything all at once.
This coincides with the Php37USD 0.63INR 53EUR 0.60CNY 5 million figure that Inquirer pointed out.
If they did the transfers as they gained access to each GCash account, their continuous operations would have been detected eventually but the amount would have been smaller. Doing a sweep of hundreds or thousands of accounts in one single night is a much better approach. They know they will be detected and shut down (just like the many previous GCash hacks done by others) but the goal was to get as much money in as shortest time possible and hopefully get away with it.
4) Bypassing GCash security is the next obstacle. Either go by the MPIN + OTP route or the biometrics. Based on GCash’s response of disabling the biometrics login, that is the most likely route that was taken.
There are also claims circulating about an exploit on the GCash system that traces back as early as 2 months ago:
We don’t know the veracity of this claim, but it is being linked to the possibility of bypassing the security.
5) The bank transfers to East West Bank (ending 5239) and AUB (ending 3008) are probably dummy accounts or compromised accounts as well. They could just be pooling the funds here and then transfer it elsewhere where the money can no longer be traced or recovered.
This is the reason why GCash has, until the time of writing this story, suspended the Bank Transfer feature of the app 74.
6) GCash has publicly stated that all the funds are intact and will be returned to the owners. This coincides with Inquirer’s story. Meaning, GCash was able to immediately coordinate with East West Bank and AUB and freeze the two suspected accounts.
This is just a theory and how things could have transpired with the GCash incident. GCash has not made any definitive statement to address this except to reassure its customers that GCash is safe.
Author’s Note: While the term “hack” may not be the most accurate word to use, it is by far the simplest word that a common GCash victim understands.
YugaTech.com is the largest and longest-running technology site in the Philippines. Originally established in October 2002, the site was transformed into a full-fledged technology platform in 2005.
How to transfer, withdraw money from PayPal to GCash
Prices of Starlink satellite in the Philippines
Install Google GBox to Huawei smartphones
Pag-IBIG MP2 online application
How to check PhilHealth contributions online
How to find your SIM card serial number
Globe, PLDT, Converge, Sky: Unli fiber internet plans compared
10 biggest games in the Google Play Store
LTO periodic medical exam for 10-year licenses
Netflix codes to unlock hidden TV shows, movies
Apple, Asus, Cherry Mobile, Huawei, LG, Nokia, Oppo, Samsung, Sony, Vivo, Xiaomi, Lenovo, Infinix Mobile, Pocophone, Honor, iPhone, OnePlus, Tecno, Realme, HTC, Gionee, Kata, IQ00, Redmi, Razer, CloudFone, Motorola, Panasonic, TCL, Wiko
Best Android smartphones between PHP 20,000 - 25,000
Smartphones under PHP 10,000 in the Philippines
Smartphones under PHP 12K Philippines
Best smartphones for kids under PHP 7,000
Smartphones under PHP 15,000 in the Philippines
Best Android smartphones between PHP 15,000 - 20,000
Smartphones under PHP 20,000 in the Philippines
Most affordable 5G phones in the Philippines under PHP 20K
5G smartphones in the Philippines under PHP 16K
Smartphone pricelist Philippines 2024
Smartphone pricelist Philippines 2023
Smartphone pricelist Philippines 2022
Smartphone pricelist Philippines 2021
Smartphone pricelist Philippines 2020
John L says:
Have you not thought also of the possibility that the gcash users who have been hacked are those who subscribed to these trendy new online casino sites and app that are self cash ins where members have to link their gcash or bank accounts to their system and provide otp code to their fly by night non Filipino unknown merchant system so they can successfully do cash ins and play their favorite casino games. If this is the situation then what they did yesterday to those poor gcash users might have just been a test run. And in the future they will do more deductions to unsupecting members in a more unique and unperceivable way.
Vicky says:
Additional theory:
EW and AUB accounts are just use as decoys. To divert the public’s attention. Other stolen funds are just sent to other Gcash accounts that weren’t owned by the hackers.
They might have used Binance P2P and bought BUSD/USDT using Gcash as payment method as there are unusually high “buy ads” using Gcash only last Monday night on Binance P2P.
idunno says:
Just another theory:
Every account that got stolen was in on it.
1. Transfer money to the same bank accounts.
2. Withdraw or transfer the money already in the bank.
3. “Victims” make a huge fuss about it in social media.
4. Gcash gets pressured to return the money somehow.
Ending, they get x2 the money.
Janet Trumata says:
Have you not thought also of the possibility that the g cash
Faith mia lorica says:
How
Renz says:
Gcash hack
James bontog says:
I need Gcash
Ridzwan says:
Gcash hack mpin
Robert sinugbujan says:
Hack po yong gcash ko
Hilusi says:
092776*****
Gladys manalo says:
Gcash otp mpin