In a recent revelation, Chinese police disclosed that four former employees of HTX (formerly Huobi) were involved in implanting Trojans in cryptocurrency wallets, resulting in the theft of over 40,000 user mnemonics and private keys.
The individuals responsible have been sentenced to three years in prison, although the specific amount of stolen cryptocurrencies remains undisclosed.
Ex-Employees of Company A Sentenced for Stealing Virtual Currency Data with Backdoor Program
The case came to light in May 2023 when citizen Ou discovered that his virtual currency, worth millions of RMB, had vanished from his account after checking it at a coffee shop.
Upon investigation, Ou found that his virtual currency had been stolen a month prior.
By analyzing the wallet software, Ou identified a backdoor program that automatically obtained wallet addresses and private keys.
In August 2023, Ou reported the incident to the Xuhui Public Security Bureau, leading to the arrest of suspects Zhang, Dong, and Liu, who were all former Company A employees.
The arrested individuals confessed to adding a backdoor program to the wallet software in early March 2023 to steal users’ private keys. Liu wrote the backdoor program, Dong purchased the server and domain name and encrypted the stolen data, and Zhang set up the server and database.
The backdoor program activated five days after installation, uploading private keys, mnemonics, and other data to a designated database.
After gathering this data, they destroyed the server and database at the end of May 2023, planning to use the stolen keys to access virtual currencies two years later. Despite their plans, they were arrested three months later.
The investigation revealed that the trio had not yet used the stolen data to transfer virtual currencies, including Ou’s. However, they had collected over 27,000 mnemonics and more than 10,000 private keys, converting more than 19,000 digital wallet addresses.
The Xuhui District People’s Procuratorate charged them with illegally obtaining computer information system data.
In April 2024, the Xuhui District People’s Court sentenced Liu, Zhang, and Dong to three years in prison and fined them RMB 30,000 each.
However, the unavailability of Ou’s funds led to further investigation.
Former HTX Employee Sentenced for Virtual Currency Theft Amid Rising Crypto Hacks
Further investigation led to the arrest of another individual, Zhang Yi, a former employee of HTX.
Zhang Yi had embedded a similar backdoor in the virtual wallet software of another platform in July 2021.
He used this to collect private keys and mnemonics, which he sent to his email. In April 2023, facing financial pressure, Zhang Yi used Ou’s stolen private key to transfer all his virtual currency and convert it to other digital assets.
Zhang Yi had illegally obtained more than 6,400 user private keys and mnemonics. Following his confession and partial compensation to Ou, Zhang Yi was sentenced to three years in prison and fined RMB 50,000 by the Xuhui District People’s Court in April 2024 for the crime of illegally obtaining computer information system data.
Chinese police revealed that four former Huobi employees implanted Trojans in wallets and stole more than 40,000 user mnemonics and private keys. They were sentenced to three years in prison. The specific amount of stolen cryptocurrencies was not disclosed.…
— Wu Blockchain (@WuBlockchain) July 26, 2024
According to Wu Blockchain, Company A is suspected to be the original Huobi Company.
In 2023, Wu reported that, due to Trojans set by former employees, the mnemonics or private keys of some users of iToken (the original Huobi wallet) had been leaked.
HTX responded that it was the personal behavior of former Huobi employees before the acquisition to set up Trojans and steal other people’s mnemonics and private keys.
HTX stated that it cooperated with the Shanghai Public Security Bureau to conduct investigations and gather evidence.
Crypto losses from hacks and scams more than doubled in Q2 2024, totaling over $572 million, compared to $220 million in Q2 2023, reports Immunefi. Centralized exchange hacks were the primary contributors.
Despite a 23% reduction in Q1 and continued declines in April and most of May, losses spiked at the end of May and June.
The largest loss was the $305 million Bitcoin theft from DMM on May 31, followed by the $55 million BtcTurk hack on June 22. These two incidents accounted for over 62% of the total losses for the quarter.