Huobi, one of the world’s prominent cryptocurrency exchanges, has fallen victim to a major hack resulting in a loss of $8 million worth of Ethereum (ETH). The breach was discovered and reported on September 25, 2023.
The attackers successfully compromised one of Huobi’s hot wallets, which are online wallets designed for quick access to funds, but their very nature makes them more vulnerable to security breaches. The breach allowed the hackers to abscond almost 5,000 ETH before the exchange detected the unauthorized access and promptly disabled the compromised wallet.
Huobi Global investor Justin Sun confirmed the hack on the morning of September 25, 2023, via Twitter, stating, “HTX @HTX_Global has suffered a loss of 5,000 #Eth ($8 million USD) due to a hacker attack.” Sun reassured users that their funds remained secure and the exchange was functioning normally. He added, “HTX has fully covered the losses incurred from the attack and has successfully resolved all related issues.”
According to the Scorechain Exploration tool, there was a suspicious transaction of 4,999 ETH or 7,964,307 USD from Huobi Hot Wallets.
In response to the security breach, Huobi took an unusual step by offering a 5% (around $400,000) white hat bonus to a hacker and not to take any legal action if they returned 95% of the funds before a deadline of 2 October (in Chinese, the picture shows the auto-translation) However, all the stolen ETH remained within the hacker’s wallets until 6 October.
On 7 October, the hacker decided to send the funds of 4997 ETH back to the exchange, leaving the message that “Received your message white hat bonus to 0x1Fc8674A51D6b97C968BE384337519CE7003152B your system hot wallet private key leak, you should change system hot wallet address and reduce the system hot wallet rate.”
This breach serves as a stark reminder of the persistent vulnerabilities within the cryptocurrency landscape. Despite the continuous efforts of exchanges to enhance their security practices, conduct audits, and provide insurance coverage, hackers have shown that they can still exploit weaknesses. Exchanges remain alluring targets for cybercriminals due to the vast amounts of digital assets they hold.
Users can access comprehensive information about the Huobi entity through the Scorechain system, including regulatory updates, risk assessments, onboarding policies, and the list of supported blockchains and wallets.
When the users look at the Huobi entity, the platform swiftly tracks and updates the status to reflect the following information: “This entity has already been hacked: On 25/09/2023, the crypto exchange Huobi.com (HTX Global) suffered a hack representing a loss of 8 million USD.”
The incident underscores the need for enhanced security measures and vigilance across the cryptocurrency industry. Ultimately, the power to secure their assets lies with the users, who can advocate for transparency from exchanges and reduce risks by diversifying their holdings across multiple platforms. It is a sobering reminder that, in the world of cryptocurrencies, security remains paramount, and users must exercise caution and due diligence in managing their assets.
Scorechain Blockchain AML & Compliance solution provides identifying data and risk assessment for all major blockchains. The platform connects to different sources and block lists to provide risk scoring on crypto assets, transactions, addresses, and entities. The risk assessment methodology applied by Scorechain has been verified and is fully customizable to fit all jurisdictions. Customers can monitor infinite possibilities of risk scenarios with a wide range of parameters provided so businesses under the scope of the crypto regulation can report suspicious activity to authorities with enhanced due diligence.
Scorechain, a leading Blockchain Analytics provider based in Luxembourg, distinguishes itself in the rapidly transforming realm of cryptocurrency compliance. With a steadfast commitment to data protection and integrity, Scorechain offers several unique selling points including API-Centric Seamlessness, Fully Automated Monitoring, and Anticipatory Threat Detection with Actionable Insights.