Huobi Wallet hacked for millions by insider, Justin Sun responds: Inherited poison from acquisition

share
Huobi Wallet hacked for millions by insider, Justin Sun responds: Inherited poison from acquisition

On July 16th, the official WeChat account of Shanghai, China revealed a cryptocurrency theft case related to the loss of private keys, involving multiple insiders from centralized exchanges. Media personality and blockchain editor Colin Wu commented here that the implicated exchange is Huobi HTX, closely associated with Justin Sun.

Table of Contents

Millions Stolen from Huobi HTX Users

According to official documents from Shanghai, in May 2023, a user of a certain platform opened a virtual wallet software developed by the platform and discovered that several million RMB worth of cryptocurrency had been transferred out a month prior. The user noticed that the wallet contained a backdoor program for stealing private keys and reported the incident to the authorities in August of the same year.

The case mentioned by the authorities was later revealed to involve Huobi HTX, as confirmed by Sun Yuchen, a global advisor for Huobi.

The Culprits Planned to Wait Two Years Before Stealing

Three Huobi employees were summoned by the police and confessed that they had been stealing users' wallet private keys since March 2023. To evade investigation, the three destroyed the database in May and planned to steal users' cryptocurrency two years later. After investigation by the prosecutor, it was found that the three had not stolen the victims' cryptocurrency, but their actions constituted a crime. The court ultimately sentenced the three individuals to three years in prison and fined them 30,000 RMB each.

If these three individuals did not steal the victims' cryptocurrency, then who did?

The Culprit Was Still Connected to Huobi

Investigations revealed that a former Huobi employee surnamed Zhang had implanted a Trojan horse program into a wallet on another platform since July 2021. In April 2023, due to financial pressure, Zhang transferred the victims' cryptocurrency from their wallets to his own address.

Sun Yuchen: Employees' Personal Actions Before Acquisition

Huobi's global advisor Sun Yuchen responded to a tweet by Colin Wu stating: "The employees who stole private keys were problematic employees recruited during the period before the change of ownership in 2022 when Huobi was owned by old shareholders. The ownership of Huobi changed hands in 2022. After the group conducted financial and code audits in 2023, issues gradually surfaced."

Sun Yuchen quoted Colin Wu's tweet and stated: "The successful solving of this case and the final judgment by the court have sent a clear signal: the country and judicial authorities recognize and will firmly protect virtual currency assets. Stealing virtual currency constitutes a crime, and the country will protect virtual currency assets and combat crimes that infringe upon virtual currency. As a platform, we have an absolute responsibility to protect user assets! Huobi users' assets are absolutely safe and are protected by both the platform and national laws!" However, netizens did not fully agree with Sun Yuchen's statement.

In recent years, many centralized exchanges have developed Web3 wallets through in-house development or acquisitions. For users, asset security is a top priority. Following several incidents of internal theft, winning back user trust will be a major challenge for various wallets.