Former Huobi Employees Stole Over 40,000 Private Keys from Users

Four former employees of the cryptocurrency exchange Huobi implanted trojans in client wallets, collectively stealing over 40,000 seed phrases and private keys. This was reported by journalist Colin Wu.

According to case materials, in early March 2023, three individuals, Zhang, Dong, and Liu, decided to add a backdoor program to the wallet software. This allowed them access to more than 19,000 cryptocurrency addresses.

The exact amount of stolen assets has not been disclosed.

In April 2024, the court sentenced Liu, Zhang, and Dong to three years in prison and fined them 30,000 yuan (over $4,000) for illegally obtaining data from computer information systems.

Later, the investigation identified another former Huobi employee, Zhang Mouyi, who also inserted a backdoor into the wallet’s source code, stealing over 6,400 private keys and seed phrases. His criminal activities began in July 2021.

He received a three-year prison sentence and a fine of 50,000 yuan (~$7,000).

In investigating the incident, Huobi cooperated with the Shanghai Public Security Bureau.

Back in November 2023, a hack of HTX and Heco Bridge resulted in losses of $110 million.