In a recent incident, Chinese police revealed that four former employees of HTX (formerly Huobi) had implanted Trojans in cryptocurrency wallets, resulting in the theft of over 40,000 user mnemonics and private keys. The individuals responsible have been sentenced to three years in prison, although the specific amount of stolen cryptocurrencies was not disclosed. The case came to light in May 2023 when a citizen discovered that his virtual currency worth millions of RMB had vanished from his account after checking it at a coffee shop. Upon investigation, it was found that a backdoor program inserted into the wallet software was automatically obtaining wallet addresses and private keys. Despite the trio’s plans to use the stolen keys to access virtual currencies in the future, they were arrested three months later.
Further investigation led to the arrest of another individual, Zhang Yi, a former employee of HTX, who had embedded a similar backdoor in the virtual wallet software of another platform in July 2021. He used this to collect private keys and mnemonics, which he then sent to his email. Facing financial pressure in April 2023, Zhang Yi used one of the stolen private keys to transfer all of his virtual currency and convert it to other digital assets. For his crime of illegally obtaining computer information system data, Zhang Yi was sentenced to three years in prison and fined RMB 50,000 by the Xuhui District People’s Court in April 2024. The investigation into these incidents revealed a significant security breach and the risk associated with storing virtual currency assets.
Company A, suspected to be the original Huobi Company, was reported to have experienced a breach where the mnemonics or private keys of some users of iToken (the original Huobi wallet) were leaked due to Trojans set by former employees. HTX responded by stating that the behavior of former employees before the acquisition led to the installation of Trojans and the theft of mnemonics and private keys. The company cooperated with the Shanghai Public Security Bureau to investigate and gather evidence related to these incidents. The rise in cryptocurrency thefts, hacks, and scams reflects the growing risks associated with storing and trading virtual currencies, highlighting the importance of robust security measures and vigilant monitoring to protect user assets.
According to reports from Immunefi, losses from crypto-related hacks and scams more than doubled in Q2 2024, totaling over $572 million compared to $220 million in Q2 2023. Centralized exchange hacks were identified as the primary contributors to these losses, with a significant spike in incidents at the end of May and June. The largest loss recorded was the $305 million Bitcoin theft from DMM on May 31, followed by the $55 million BtcTurk hack on June 22. These two incidents accounted for over 62% of the total losses for the quarter, indicating a pressing need for improved security measures and regulatory oversight in the cryptocurrency space.
Overall, the incidents involving former employees of HTX (formerly Huobi) highlight the potential risks associated with storing virtual currency assets in online wallets and exchanges. By implanting Trojans in wallets and stealing user mnemonics and private keys, the individuals responsible were able to access and transfer significant amounts of cryptocurrency. The involvement of multiple employees in these breaches emphasizes the need for companies to implement stricter security protocols and conduct thorough background checks on their staff. The rise in crypto-related hacks and scams further underscores the importance of robust security measures and regulatory oversight to protect user assets and maintain trust within the cryptocurrency industry. As the industry continues to evolve and attract more participants, ensuring the security and integrity of virtual currency transactions will be paramount to its long-term success.
