The cryptocurrency exchange Huobi has remedied a data leak that, it is reported, jeopardised users\u2019 assets since June 2021. This was brought to attention by white-hat hacker Aaron Phillips.<\/p>\n
According to him, the breach was linked to the disclosure of credentials granting write access to all Huobi AWS S3 storage buckets. Phillips first notified the exchange of the incident in June 2022.<\/p>\n
\n\u201cAnyone with access to the credentials could alter content on Huobi domains, including huobi.com and hbfile.net. The breach also exposed user data and internal documents,\u201d the researcher said.<\/p>\n<\/blockquote>\n
Phillips says the severity of the breach was significant and could have led to \u201cthe largest cryptocurrency theft in history.\u201d However, he found no evidence that the breach was used to carry out an attack.<\/p>\n
The hacker highlighted vulnerabilities in Huobi’s content delivery networks (CDN) and sites that could enable malicious scripts to be injected. He said the CDNs could have compromised every Huobi login page, potentially affecting every user who visited the site or used the Huobi app over the past two years.<\/p>\n
\n\u201cUsers risked losing their accounts and crypto assets and exposing confidential information such as contact details and balances, including Huobi’s off-exchange trading data,\u201d Phillips added.<\/p>\n<\/blockquote>\n