Beware Huobi/HTX

Beware Chinese sites and HUOBI / HTX

Scope of the Theft

Over 40,000 user mnemonics and private keys were stolen

More than 27,000 mnemonics and 10,000 private keys were collected

Over 19,000 digital wallet addresses were compromised

Shanghai Prosecutors Reveal Details of Former Huobi Employees’ Trojan Horse Incident

According to a report by The Paper, on August 30, the Xuhui District People’s Procuratorate in Shanghai released a briefing on crimes related to virtual currencies, detailing a case involving former Huobi employees who planted malware to steal users’ private keys.

In March 2023, Liu, Zhang, and Dong conspired to illegally obtain others’ digital wallet private keys and seed phrases by embedding a “backdoor” into an app package. This backdoor collected users’ private keys, seed phrases, and IP addresses, which were then uploaded to a pre-established VPS backend server’s database and later downloaded to a local server.

Liu was responsible for writing the code that uploaded users’ private keys, seed phrases, and IP addresses and connected to the VPS server. Zhang was tasked with setting up the VPS server and database to manage and store the uploaded data, pointing the domain name at the VPS server’s IP, and downloading the stolen data. Dong handled the purchase of the domain name from the service provider and implemented the RSA encryption logic.

An investigation revealed that the trio illegally obtained 27,622 seed phrases and 10,203 private keys (after deduplication). These seed phrases and private keys were successfully parsed into 19,487 unique digital wallet addresses.