In recent news, Chinese police revealed that four former employees of HTX, previously known as Huobi, were involved in implanting Trojans in cryptocurrency wallets, resulting in the theft of over 40,000 user mnemonics and private keys. The culprits have been sentenced to three years in prison, although the exact amount of stolen cryptocurrencies remains undisclosed. The case came to light when a citizen named Ou discovered that his virtual currency worth millions of RMB had vanished from his account. Upon investigation, it was revealed that a backdoor program had been implanted in the wallet software, automatically obtaining wallet addresses and private keys. This led to the arrest of suspects Zhang, Dong, and Liu, all former employees of Company A, who confessed to the crime.
The individuals admitted to adding a backdoor program to the wallet software in March 2023 to steal users’ private keys. Each member had a specific role in the operation, with Liu writing the program, Dong purchasing the server and domain name, and Zhang setting up the server and database. The program activated five days after installation, uploading private keys, mnemonics, and other data to a designated database. Although they planned to access the stolen virtual currencies two years later, they were arrested three months after committing the crime. The investigation revealed that while they had collected a significant number of mnemonics and private keys, they had not yet used the data to transfer virtual currencies. Liu, Zhang, and Dong were sentenced to three years in prison and fined RMB 30,000 each by the Xuhui District People’s Court in April 2024.
Further investigation into the theft of virtual currency led to the arrest of another individual, Zhang Yi, a former employee of HTX. Zhang Yi had embedded a similar backdoor in the virtual wallet software of another platform in 2021, allowing him to collect private keys and mnemonics. In April 2023, facing financial pressure, Zhang Yi used a stolen private key to transfer virtual currency and convert it to other digital assets. He had illegally obtained over 6,400 user private keys and mnemonics. Following his confession and partial compensation to the victim, Zhang Yi was also sentenced to three years in prison and fined RMB 50,000 by the Xuhui District People’s Court in April 2024 for illegally obtaining computer information system data.
According to Wu Blockchain, those involved are suspected to be former Huobi employees who implanted Trojans in iToken, the original Huobi wallet. HTX responded by stating that the actions were the personal behavior of former Huobi employees before the acquisition and that it cooperated with authorities to investigate the matter. The rise in crypto hacks and scams has led to significant losses in the industry, which more than doubled in Q2 2024, totaling over $572 million, compared to $220 million in Q2 2023. Centralized exchange hacks were the primary contributors, with the largest loss being the $305 million Bitcoin theft from DMM on May 31.
In conclusion, the involvement of former employees of HTX in implanting Trojans in cryptocurrency wallets and stealing user mnemonics and private keys highlights the vulnerability of virtual currencies to cyber theft. The swift action taken by law enforcement in apprehending the culprits and bringing them to justice serves as a reminder of the importance of cybersecurity in the crypto industry. As the industry continues to face challenges from hackers and scammers, it is essential for companies and users to remain vigilant and implement robust security measures to safeguard their assets and prevent such incidents in the future.