The big cryptoexchange Huobi has patched a data breach that had the potential to become the biggest breach in crypto history. Without publicly reporting it, Huobi has now fixed the flaw in the system, which had the potential to be exploited since June 2021.
Potentially biggest crypto theft of all time
The vulnerability was discovered by the online security specialist Aaron Phillips. According to him, malicious people could get very sensitive data from Huobi without too much effort. It would even include data such as Huobi’s official admin account, with the rights and access to Huobi’s entire cloud storage.
If the data and administrative rights were used for their own use, malicious parties could make unlimited adjustments to the storage and website of Huobi. An individual could cause enormous damage to the platform with a simple action in this way. In addition to the site and cloud storage, massive amounts of customer data and internal documents could be leaked.
Hubby has according to CoinMarketCap $2.7 billion in financial reserves and handles a daily trading volume of more than $4 billion. Most of this would have been potentially accessible to a hacker. This made the vulnerability in the system perhaps the largest theft in the world history of the crypto industry.
Bug fixed after two vulnerable years
On June 20, 2023, Huobi finally fixed the bug, almost two years after it originated. Huobi’s official account with admin rights has been deleted and a new one has been created. The access data to the account is still there available, but nothing can be done about it. Huobi users are no longer at risk.
Anyone with the data could make adjustments to Huobi’s cloud storage. Phillips, the specialist who discovered it, could easily make adjustments and delete files. The specialist decided to use his findings for good purposes and reported it to the exchange. According to Phillips, no others have preceded him.