Breaking: White hat Aaron Phillips disclosed that the Huobi exchange had leaked nearly all OTC transaction information from 2017 to 2021 on a large scale in 2021; some user information, VIP user information and its own technical infrastructure. Read more: https://t.co/QJx45LHLhg
— Wu Blockchain (@WuBlockchain) July 1, 2023
The leaked data includes OTC transaction information, user information, VIP user information, and technical infrastructure data. The data is said to date from between 2017 and 2021.
"An attacker exploiting Huobi’s mistakes would have had the opportunity to carry out the largest crypto theft in history. The company has previously reported handling over a billion dollars a day in trading volume. If Huobi hadn’t taken action, this breach could have been leveraged to steal user accounts and assets. The company deleted the compromised account and their users are no longer at risk," Aaron Phillips wrote in a blog post.
Huobi has confirmed the incident and stated that it was caused by irregular operations by relevant personnel on an S3 bucket in the test environment of its Japanese site. The relevant user information was completely isolated on October 8, 2022.
After the incident was discovered by the white hat team, Huobi’s security team took action on June 21, 2023, and immediately closed the relevant file access permissions. The vulnerability has been fixed, and all relevant user information has been deleted. Huobi has thanked the white hat team for their contributions to its security.
Huobi’s updated response stated that the OTC data mentioned in the article is not real transaction data, but test data. The user information leak only involves 4,000 users. The log shows that only the white hat team has downloaded the data, and the team has also stated that they have deleted it. Therefore, no actual leakage has occurred.