© 2023 FINBIA. All Rights Reserved.
HomeEditors PickHuobi Discreetly Patches Data Vulnerability Exposing Customer Funds
Editors Pick

Huobi Discreetly Patches Data Vulnerability Exposing Customer Funds

By Siddharth Chaturvedi     July 3, 2023, at 1:55 PM     Updated July 4, 2023, at 8:33 PM
0
16
Huobi Crash

Huobi Crash

Summary: Users' personal information, including email addresses and account balances, was in danger, and they may lose their crypto assets. Huobi said that only a limited number of users' contact information was compromised, and the information did not contain sensitive data. The incident was resolved by the Huobi Security Team.

Huobi, a cryptocurrency exchange, secretly patched a data vulnerability that had exposed customers’ funds since June 2021. According to white hat hacker and citizen journalist Aaron Phillips, the breach resulted from the disclosure of credentials providing write access to all of Huobi’s AWS S3 buckets used for cloud storage.

Could Have Been Largest Crypto Theft

Huobi’s domains, such as huobi.com and hbfile.net, might have been tampered with by whomever gained access to the credentials. Phillips said that it was possible for internal papers and user data to be leaked as well.

Phillips noted the seriousness of the incident by claiming that hackers may “carry out the largest crypto theft in history.” On June 20th, Phillips claimed that Huobi had erased the hacked account. And protected its cloud storage after processing over $10 billion in monthly trade activity.

Phillips could not find any indication that the vulnerability had been used in an attack. Moreover, Phillips drew attention to the fact that malicious scripts might be injected into Huobi’s content delivery networks (CDNs) and websites. He speculated that everyone who has signed onto a Huobi service in the last two years via any of the CDNs might have been affected.

Access to All Piece of Info

Moreover, users’ personal information, like email addresses and account balances, was in danger, and there was a possibility that they may lose their crypto assets. Phillips said that this contained information on crypto “whales” as well as OTC trading data from Huobi.

Problem Resolved

Furthermore, Huobi said that a limited number of users’ contact information was compromised (4,960 to be exact). User accounts and financial security are unaffected, and the sort of information that was disclosed does not contain sensitive data. On October 8, 2022, all user data that was relevant to the case was separated.

Handpicked News: Poly Network Advises Immediate Asset Withdrawal Post Breach

According to the team, there is no connection between the Japanese version of Huobi and the international version of Huobi. On June 21, 2023, after being notified by the white hat team, the Huobi Security Team swiftly closed the relevant file access rights. All affected user data has been removed and the present problem has been resolved.

TagsexchangeHuobi Global
Previous Article

Singapore MAS Imposes Trust Requirement on Crypto Exchanges

Next Article

Yuga Labs BAYC NFT Prices Plummet 88% from ATH

Siddharth Chaturvedi

About us

We are a Global Media Agency offering Latest Unbiased News and Updates on Crypto and Blockchain World. Follow us and stay ahead of the pack. We also cover NFT, Metaverse, and Web 3.0.

Get in touch

Mail: [email protected]
Advertise: [email protected]
Join Us: [email protected]

Our vision

We’re a diverse team of crypto fanatics with qualifications varying from journalism to engineering. We see blockchain and cryptocurrency as fundamentally altering the global industry. 

© 2023 finbia.com. All Rights Reserved.