Chinese police recently revealed that four former employees of HTX (formerly Huobi) planted Trojans in cryptocurrency wallets. This led to the theft of over 40,000 user mnemonics and private keys. These individuals received three-year prison sentences, though the exact amount of stolen cryptocurrencies remains undisclosed.
Discovery and Investigation
The case emerged in May 2023 when citizen Ou noticed that his virtual currency, worth millions of RMB, had disappeared from his account. He discovered this after checking his account at a coffee shop. Ou later found that the theft occurred a month earlier. By examining the wallet software, he identified a backdoor program that collected wallet addresses and private keys.
Ou reported the incident to the Xuhui Public Security Bureau in August 2023. This led to the arrest of Zhang, Dong, and Liu, all former employees of Company A. The suspects admitted to adding a backdoor program to the wallet software in early March 2023. Liu wrote the program; Dong bought the server and domain name and encrypted the stolen data; and Zhang set up the server and database.
Execution of the Plan
Five days after installation, the backdoor program activated and uploaded private keys, mnemonics, and other data to a designated database. The suspects destroyed the server and database at the end of May 2023, planning to use the stolen keys to access virtual currencies two years later. Despite their plans, the authorities arrested them three months later.
Legal Proceedings
Investigations revealed that the trio had not yet used the stolen data to transfer virtual currencies, including Ou’s. However, they collected over 27,000 mnemonics and more than 10,000 private keys, converting them into over 19,000 digital wallet addresses. The Xuhui District People’s Procuratorate charged them with illegally obtaining computer information system data.
In April 2024, the Xuhui District People’s Court sentenced Liu, Zhang, and Dong to three years in prison and fined each RMB 30,000. Further investigation into Ou’s missing funds led to additional inquiries.
Further Arrest and Sentencing
The investigation also led to the arrest of Zhang Yi, a former HTX employee. Zhang Yi had embedded a similar backdoor in the virtual wallet software of another platform in July 2021. He used this backdoor to collect private keys and mnemonics, which he sent to his email. Facing financial pressure in April 2023, Zhang Yi used Ou’s stolen private key to transfer his virtual currency and convert it to other digital assets.
Zhang Yi had illegally obtained over 6,400 user private keys and mnemonics. After confessing and partially compensating Ou, Zhang Yi received a three-year prison sentence and a RMB 50,000 fine from the Xuhui District People’s Court in April 2024 for illegally obtaining computer information system data.
Company’s Response and Broader Context
Chinese police reported that former Huobi employees planted Trojans in wallets and stole over 40,000 user mnemonics and private keys. They were sentenced to three years in prison. The exact amount of stolen cryptocurrencies was not disclosed.
Wu Blockchain suggests that Company A is the original Huobi Company. In 2023, Wu reported that Trojans planted by former employees led to the leakage of mnemonics or private keys for some users of iToken (the original Huobi wallet). HTX responded, stating that these actions occurred before the acquisition. They confirmed cooperation with the Shanghai Public Security Bureau for investigations and evidence gathering.
Rising Crypto Hacks
Crypto losses from hacks and scams more than doubled in Q2 2024, reaching over $572 million compared to $220 million in Q2 2023, according to Immunefi. Centralized exchange hacks were major contributors. Although losses decreased by 23% in Q1 and declined in April and most of May, they spiked in late May and June. The largest loss was the $305 million Bitcoin theft from DMM on May 31, followed by the $55 million BtcTurk hack on June 22. These two incidents accounted for over 62% of the total quarterly losses.
The post HTX Ex-Employees Sentenced to 3 Years for Stealing 27,000 Mnemonics and 10,000 User Private Keys appeared first on Cryptonews.