According to Odaily, three employees of the cybersecurity company 360 have been sentenced for stealing cryptocurrency, with total illegal gains amounting to over 2.5 million yuan. The Shanghai Xuhui District People's Procuratorate accused the trio of exploiting the Yapi remote code execution vulnerability to gain access to a target cryptocurrency website between February 9 and 20, 2023.
The employees, identified as Hong, Yang, and Zhang, used methods such as internal network penetration and trojan implantation to control the internal network servers. After locating the server source code, they analyzed and found the victim's cryptocurrency wallet address and private key. They then constructed false instructions to transfer the cryptocurrency from the victim's wallet address.
Subsequently, they converted the stolen cryptocurrency into other virtual currencies and sold them, resulting in illegal gains of over 2.5 million yuan. The case serves as a stark reminder of the potential vulnerabilities in the digital currency space and the importance of robust cybersecurity measures.