infinix flip
yugatech choice awards 2024
Home » How that GCash Hack Attempt Could Have Been Made

How that GCash Hack Attempt Could Have Been Made

Related Stories:

Dax Lucas of the Inquirer 15 shared insider information about the attempted hack on GCash users that amounted to about Php37USD 0.63INR 53EUR 0.60CNY 5 million.

Based on the actions, media advisories, and TV interviews made by GCash, the story seemed plausible. Here’s our theory on how the attempt could have transpired.

1) The culprit (could be a group) has planned this for some time. They already have two bank accounts (East West Bank and Asia United Bank) on standby to receive the funds from multiple GCash transfers. Reports from TV Patrol totaled more than 300 complaints by 11am this morning.

2) Perpetrators routinely collect login information from random and unsuspecting GCash users using several phishing vectors — could be via email, SMS or social media. This usually happens when someone is fooled into clicking a link to manage their bank account, or in this case GCash.

The original deadline for the SIM Registration last April 26, 2023 could have added to the urgency and confusion, making people click on links that pertain to their SIM or to their GCash account. There were rounds of multiple posts on Facebook urging people to cash out their GCash funds or else they will not be able to access it after the deadline of the SIM Registration.

3) Instead of accessing and transferring compromised GCash accounts individually as they go, the culprits had the patience to simply collect all the accounts and wait for the right time to do everything all at once.

This coincides with the Php37USD 0.63INR 53EUR 0.60CNY 5 million figure that Inquirer pointed out.

If they did the transfers as they gained access to each GCash account, their continuous operations would have been detected eventually but the amount would have been smaller. Doing a sweep of hundreds or thousands of accounts in one single night is a much better approach. They know they will be detected and shut down (just like the many previous GCash hacks done by others) but the goal was to get as much money in as shortest time possible and hopefully get away with it.

4) Bypassing GCash security is the next obstacle. Either go by the MPIN + OTP route or the biometrics. Based on GCash’s response of disabling the biometrics login, that is the most likely route that was taken.

There are also claims circulating about an exploit on the GCash system that traces back as early as 2 months ago:

We don’t know the veracity of this claim, but it is being linked to the possibility of bypassing the security.

5) The bank transfers to East West Bank (ending 5239) and AUB (ending 3008) are probably dummy accounts or compromised accounts as well. They could just be pooling the funds here and then transfer it elsewhere where the money can no longer be traced or recovered.

This is the reason why GCash has, until the time of writing this story, suspended the Bank Transfer feature of the app 74.

6) GCash has publicly stated that all the funds are intact and will be returned to the owners. This coincides with Inquirer’s story. Meaning, GCash was able to immediately coordinate with East West Bank and AUB and freeze the two suspected accounts.

This is just a theory and how things could have transpired with the GCash incident. GCash has not made any definitive statement to address this except to reassure its customers that GCash is safe.

Author’s Note: While the term “hack” may not be the most accurate word to use, it is by far the simplest word that a common GCash victim understands.

Abe Olandres
Abe Olandres
Abe is the founder and Editor-in-Chief of YugaTech with over 20 years of experience in the technology industry. He is one of the pioneers of blogging in the country and considered by many as the Father of Tech Blogging in the Philippines. He is also a technology consultant, a tech columnist with several national publications, resource speaker and mentor/advisor to several start-up companies.
  1. Have you not thought also of the possibility that the gcash users who have been hacked are those who subscribed to these trendy new online casino sites and app that are self cash ins where members have to link their gcash or bank accounts to their system and provide otp code to their fly by night non Filipino unknown merchant system so they can successfully do cash ins and play their favorite casino games. If this is the situation then what they did yesterday to those poor gcash users might have just been a test run. And in the future they will do more deductions to unsupecting members in a more unique and unperceivable way.

  2. Additional theory:

    EW and AUB accounts are just use as decoys. To divert the public’s attention. Other stolen funds are just sent to other Gcash accounts that weren’t owned by the hackers.

    They might have used Binance P2P and bought BUSD/USDT using Gcash as payment method as there are unusually high “buy ads” using Gcash only last Monday night on Binance P2P.

  3. Just another theory:
    Every account that got stolen was in on it.

    1. Transfer money to the same bank accounts.
    2. Withdraw or transfer the money already in the bank.
    3. “Victims” make a huge fuss about it in social media.
    4. Gcash gets pressured to return the money somehow.

    Ending, they get x2 the money.

  4. Have you not thought also of the possibility that the g cash

  5. How

  6. Gcash hack

  7. I need Gcash

  8. Gcash hack mpin

  9. Hack po yong gcash ko

  10. 092776*****

  11. Gcash otp mpin

Leave a Reply

How that GCash Hack Attempt Could Have Been Made » YugaTech | Philippines Tech News & Reviews

Yearly Device Database

Smartphone pricelist Philippines 2024

Smartphone pricelist Philippines 2023

Smartphone pricelist Philippines 2022

Smartphone pricelist Philippines 2021

Smartphone pricelist Philippines 2020

Popular Topics

What We Do

YugaTech | Philippines Tech News & Reviews
© 2024. All Rights Reserved.