Huobi affected by a leak in 2021

  • User information leaks only concern 4,000 customers
  • The team solved the problem after almost 2 years

China Reporter, citing white-hat hacker Aaron Phillips, reported that in 2021 nearly all information about OTC transactions from 2017 to 2021 leaked from the cryptocurrency exchange Huobi on a large scale. At the same time, some customer information, VIP user information and proprietary technical infrastructure were made public.

Huobi reported that the incident occurred on June 22, 2021 due to negligence on the part of employees in the Japanese station’s test environment. On October 8, 2022, decisive action was taken, and all user information was completely isolated. This incident was discovered by a team of “white hackers,” and Huobi employees immediately responded on June 21, 2023 (10 days ago) by closing the relevant file accesses. The vulnerability was fixed and all user data was deleted.

Huobi subsequently updated the information. They noted that the transaction data mentioned in the article was test data, not real. The leaked user information concerns only 4,000 users, and the log shows that only the “white hat” who claimed to have deleted the information had access to the data. Thus, no data leakage actually occurred.

The white hat also drew a conclusion about the situation:

“Unfortunately, in the case of Huobi, it is difficult to conclude that they are effectively doing their job. Leaking their credentials is a serious breach, but even worse, the response to this case took months, and even after that, Huobi decided to keep the credentials online. On the other hand, the exchange previously had a reputation as one of the safest. However, this breach jeopardizes that reputation. I have destroyed all personal information and confidential information related to this violation.”