Huobi Crypto Exchange Fixes Data Breach, Securing User Assets
Crypto exchange Huobi recently addressed a data breach that had put users’ assets at risk since June 2021. The breach involved the exposure of credentials granting write privileges to Huobi’s AWS S3 buckets, which are used for cloud storage. Anyone with access to the credentials could modify content on Huobi’s domains, potentially compromising user data and internal documents. The breach was severe: it could have been used to carry out the largest crypto theft in history. Huobi deleted the compromised account and secured its cloud storage on June 20, 2021.
- Credentials granting write privileges to Huobi’s AWS S3 buckets were exposed
- Hackers could modify content on Huobi’s domains, risking user data and internal documents
- Huobi handled over $10 billion in monthly trading volume
- No evidence the breach was used to carry out an attack
- Huobi addressed the vulnerability and secured its cloud storage
Vulnerability of Huobi’s Content Delivery Networks (CDNs)
The breach highlighted the vulnerability of Huobi’s CDNs and websites: because the exposed credentials could write to the storage behind them, malicious scripts could have been injected into the content they serve. This could have compromised every Huobi login page and potentially affected all users who logged into a Huobi website or app over the last two years. Such a breach risked users losing their accounts and crypto assets, as well as exposing sensitive information like contact details and account balances.
- Huobi’s CDNs were at risk of malicious script injection
- Every Huobi login page could have been compromised
- User accounts and crypto assets were at risk
- Sensitive information, including contact details and account balances, could have been exposed
Huobi’s Response and Resolution
Huobi responded to the breach by securing its cloud storage and fixing the issue. However, it took months for the white hat hacker who discovered the breach to receive a response from Huobi. The leaked credentials remained online even after the initial notification in June 2022. Huobi finally addressed the issue and deleted all related user information. The exchange clarified that the breach only involved a small-scale leakage of user contact information and did not affect sensitive information or user accounts and funds.
Hot Take
Huobi’s data breach highlights the importance of timely response and resolution when it comes to securing user assets. While the exchange ultimately fixed the issue, the delay in addressing the breach and the prolonged presence of leaked credentials online are concerning. Crypto exchanges must prioritize the security of user data and take immediate action to mitigate any potential risks.







