Keys

A former suspected HTX employee was sentenced to three years in prison for stealing tens of thousands of private keys

ChainCatcher news, according to the official WeChat account of Ping An Xuhui, employees of Company A, Zhang, Dong, and Liu, decided in early March 2023 to add a backdoor program to a certain virtual currency wallet software to obtain user private keys. By the end of May 2023, after saving the stolen private keys and the corresponding digital wallet addresses, the three destroyed the servers and databases, agreeing that these private keys could only be used to illegally obtain users' virtual currency two years later. The three illegally obtained more than 27,000 mnemonic phrases and over 10,000 private keys, successfully converting more than 19,000 digital wallet addresses. In April 2024, the Xuhui District People's Court sentenced defendants Liu, Zhang A, and Dong to three years in prison for illegally obtaining data from computer information systems, and fined them 30,000 yuan.However, strangely, the reporter Ou was not stolen from by the aforementioned three (not yet at the agreed time). Upon investigation, it was found that in another virtual wallet software platform used by Ou, a backdoor program was also implanted by Zhang B, who had previously worked at Company A. In July 2021, he wrote a piece of code in the client code to collect user private keys and mnemonic phrases. When users traded virtual currency, the code would automatically obtain the mnemonic phrases or private keys used by the user for signing operations and send them to Zhang B's email.In April 2023, due to personal financial pressure, Zhang B learned Ou's virtual wallet address through the illegally obtained mnemonic phrases and private keys, transferring all the virtual currency to his own wallet address. Zhang B illegally obtained more than 6,400 user private keys and mnemonic phrases, and was sentenced to three years in prison for illegally obtaining data from computer information systems, and fined 50,000 yuan.It is worth noting that Company A is suspected to be the original Huobi company. In 2023, due to former employees setting up Trojans, some users' mnemonic phrases or private keys of iToken (original Huobi wallet) have been leaked. HTX responded that the Trojan was set up by former Huobi employees before the acquisition, stealing others' mnemonic phrases and private keys. HTX stated that it is cooperating with the Shanghai Public Security Bureau to conduct investigations and evidence collection.
ChainCatcher Building the Web3 world with innovators