Former Huobi employees were jailed for stealing users’ private keys.
Huobi employees were jailed for stealing users’ private keys
The Chinese police announced that four former Huobi employees received three-year prison sentences for stealing recovery passwords and private keys from over 40,000 users.
These individuals embedded Trojans in wallet software, enabling them to gather sensitive information. The specific amount of stolen cryptocurrencies has not been revealed.
Chinese blockchain journalist Colin Wu reported that Zhang, Dong, and Liu, who were previously employed by Huobi, initiated their criminal activities in early March 2023.
They inserted a backdoor program into wallet software to capture users’ private keys. They retained the stolen keys along with their corresponding wallet addresses until the end of May 2023.
After saving the information, they destroyed the server and database. Their plan was to use the private keys to steal cryptocurrencies two years later, hoping that this delay would lead to their acquittal. However, they were unsuccessful.
Elaborate scheme and execution
Court documents indicate that Zhang, Dong, and Liu stole more than 27,000 passwords and over 10,000 private keys, giving them access to more than 19,000 wallet addresses.
In April, the Xuhui District People’s Court sentenced these individuals to three years in prison and imposed a fine of RMB 30,000 (approximately $4,000) for unlawfully acquiring computer information system data.
One of the victims, identified as Ou, initially remained unaffected by the theft due to the planned two-year delay. However, further investigation revealed that Zhang hacked Ou’s wallet on a different platform. In 2021, Zhang had written code to capture user passwords and private keys.
For this crime, Zhang Yi received a three-year prison sentence and a fine of RMB 50,000 (about $7,000).
In 2023, it was reported that recovery passwords and private keys of iToken (formerly Huobi Wallet) users were compromised due to Trojans set up by former employees.
HTX, the company that acquired Huobi, stated that these actions were the result of former employees’ personal misconduct that occurred prior to the acquisition. HTX has been cooperating with the Shanghai Public Security Bureau for investigations and evidence gathering.
Former Huobi employees were jailed for stealing users’ private keys.
Huobi Employees Sentenced for Cyber Crime
The Chinese police announced that four former employees of Huobi have been sentenced to three years in prison after being found guilty of stealing the recovery passwords and private keys of over 40,000 users.
These ex-employees employed Trojans in the wallet software that enabled them to harvest sensitive information from unsuspecting users. Although the exact amount of cryptocurrencies stolen remains undisclosed, the implications for users are severe.
Details of the Criminal Activities
According to Chinese blockchain reporter Colin Wu, the trio identified as Zhang, Dong, and Liu initiated their criminal operations in early March 2023. They embedded malicious software into wallet solutions that aimed to capture user private keys. The delinquent employees stored the extracted data until late May 2023.
Upon saving this sensitive information, the perpetrators destroyed their server and database, intending to wait two years before misusing the stolen private keys. This method was designed to delay any potential legal consequences. Unfortunately for them, their plan ultimately failed.
Execution of the Scheme
Legal documentation reveals that Zhang, Dong, and Liu successfully pilfered over 27,000 passwords and more than 10,000 private keys. This daring operation granted them access to over 19,000 individual portfolio addresses.
In April, the Xuhui District People’s Court sentenced these individuals to three years in prison and imposed fines totaling RMB 30,000 (approximately $4,000) for illegally acquiring computer information system data.
The Case of the Victim
One notable victim, identified as Ou, initially escaped the effects of the theft, given the two-year waiting period the criminals had planned. However, ongoing investigations uncovered that Zhang had also compromised Ou’s wallet on a different platform using hacking techniques learned in 2021. For this act, Zhang Yi received an additional three-year prison sentence along with a fine of RMB 50,000 (roughly $7,000).
The Fallout and Response from Huobi
The year 2023 also saw revelations concerning the exposure of recovery passwords and private keys from iToken, formerly known as Huobi Wallet. This data breach, attributable to the malicious Trojans set up by the former employees, raised serious concerns within the cryptocurrency community.
HTX, the company which acquired Huobi, publicly stated that the actions of these former employees were entirely personal and occurred prior to the acquisition. HTX has proactively collaborated with the Shanghai Public Security Bureau to facilitate investigations and collect essential evidence.
Preventing Cryptocurrency Theft: Tips for Users
- Enable Two-Factor Authentication (2FA): Ensure that your wallet and accounts are protected with 2FA to add an extra layer of security.
- Use Hardware Wallets: For significant amounts of cryptocurrency, consider using hardware wallets to safeguard your private keys.
- Be Aware of Phishing Attacks: Always verify links and sources before entering sensitive information to prevent phishing attempts.
- Regularly Monitor Accounts: Keep an eye on your wallet addresses and transaction history to identify any unauthorized access immediately.
Understanding the Legal Implications
The sentencing of these former Huobi employees highlights the legal risks associated with cyber crimes in the cryptocurrency space. Such actions not only compromise user security but also result in severe legal and financial consequences for the perpetrators. It serves as a stark reminder of the importance of robust security measures in the evolving digital finance landscape.
Case Studies: Other Cyber Crimes in Cryptocurrency
| Year | Incident | Outcome |
|---|---|---|
| 2019 | Bitfinex Hack | Over $70 million stolen; no arrests made. |
| 2020 | KuCoin Hack | $275 million stolen; partial recovery achieved. |
| 2021 | Poly Network Attack | $610 million stolen; most funds returned after negotiations. |
Real-life Experiences from Victims
Victims of cryptocurrency theft often share harrowing experiences of loss, not only financially but emotionally as well. Many express feelings of betrayal when a trusted company is involved. Some victims report they had no prior experience with security risks, while others had relied on the reputation of their chosen platforms. Constant education on security protocols and potential vulnerabilities can make a significant difference in avoiding such tragic outcomes.
