Wu said that, according to the official WeChat account of Ping An Xuhui, Zhang, Dong, and Liu, employees of Company A, decided in early March 2023 to add a backdoor program to a virtual currency wallet application in order to obtain user private keys. At the end of May 2023, after saving the stolen private keys and the digital wallet addresses parsed from them, the three destroyed the server and database and agreed to use the private keys to illegally obtain users' virtual currency two years later. The three illegally obtained more than 27,000 mnemonics and more than 10,000 private keys, and successfully converted them into more than 19,000 digital wallet addresses. In April 2024, the Xuhui District People's Court sentenced the defendants Liu, Zhang A, and Dong to three years in prison and a fine of RMB 30,000 for the crime of illegally obtaining computer information system data.
Strangely, however, the reporter Ou had not been robbed by these three people, since the time they had agreed on had not yet arrived. Investigation showed that the virtual wallet software on another platform used by Ou had also been implanted with a backdoor program, this one by Zhang, who used to work at Company A. In July 2021, he wrote code into the client to collect user private keys and mnemonics. When users traded virtual currency, the code automatically obtained the mnemonics or private keys they used for signing operations and sent them by email to Zhang's mailbox.
In April 2023, under personal financial pressure, Zhang Yi identified Ou's virtual wallet address from the mnemonics and private keys he had illegally obtained, and transferred all the virtual currency in it to his own wallet address. Zhang Yi illegally obtained more than 6,400 user private keys and mnemonics. For the crime of illegally obtaining computer information system data, the defendant Zhang Yi was sentenced to three years in prison and fined RMB 50,000.
It is worth noting that Company A is suspected to be the original Huobi Company. In 2023, Wu said that, because of Trojans planted by former employees, the mnemonics or private keys of some users of iToken (the original Huobi wallet) had been leaked. HTX responded that planting the Trojans and stealing other people's mnemonics and private keys was the personal behavior of former Huobi employees before the acquisition. HTX stated that it cooperated with the Shanghai Public Security Bureau to investigate and collect evidence.