Huobi Discovers and Fixes Major Security Flaw Putting Users at Risk

Critical Vulnerability Exposed Huobi's Cloud Storage for Over Two Years, Potentially Allowing Largest Cryptocurrency Theft in History

Huobi, one of the world’s largest cryptocurrency exchanges, found and fixed a security flaw that gave permissions to access its cloud storage. The credentials were out in the open for more than two years.

- Advertisement -

According to white hat hacker and journalist Aaron Phillips, the Amazon Web Services servers that were at risk hosted Huobi’s websites, as well as its CDN (Content Delivery Network).

There was information about its users and internal documentation that could have been leaked because of the bug.

In fact, according to the author of the report, if a hacker had detected Huobi’s security flaw before it was fixed, “he would have had the opportunity to carry out the largest cryptocurrency theft in history.” That’s because the blunder would have allowed him to steal both the accounts and assets of Huobi users.

Although Huobi removed the account exposed in the described security breach, the company still did not delete the file and the credentials can still be downloaded.

Fortunately for the company and its users, no one warned about this leak, which had been online since June 2021. It should be noted that there are no longer any security risks for users of the exchange, although there are privacy risks because of the data that has already been revealed.

Huobi, an exchange where millions are traded

Huobi, a Chinese cryptocurrency exchange founded in 2013, ranks among the top 15 exchanges with the highest daily trading volume in the world, with more than USD 390 million in the 24 hours prior to the writing of this article. For reference, Kraken, the third in this global ranking, trades more than USD 551 million every day.

- Advertisement -

In recounting how he came across this find, Aaron Phillips said, “As part of my effort to look through open Amazon Web Services (AWS) S3 buckets, I found a sensitive file containing AWS credentials. After some investigation, I discovered that the credentials were active and that the account belonged to Huobi.”

Huobi faced some problems in early 2023, following a wave of layoffs at the company. With the memory of the FTX exchange still fresh in the minds of many, rumors sparked a drop in the price of Huobi’s token.

However, the company, which counts renowned entrepreneur and Tron founder Justin Sun on its board of directors, seems to have weathered the storm.

- Advertisement -

READ NEXT

Previous Articles:

- Advertisement -

Latest News

Shopify, Coinbase Launch USDC Payments; Mastercard Expands Crypto Access

Shopify and Coinbase allow merchants to accept USDC stablecoin payments, making crypto transactions easier...

Coinbase Launches Wrapped ADA and LTC on Base, COIN Hits New High

Coinbase has introduced wrapped versions of Cardano (ADA) and Litecoin (LTC) on its Ethereum...

ClickFix Attacks Surge 517% in 2025, Fake CAPTCHAs Spread Malware

ClickFix attacks using fake CAPTCHA verifications have risen by 517% in early 2025, according...

FHFA Orders Fannie, Freddie to Consider Crypto as Mortgage Collateral

The U.S. Federal Housing Finance Agency ordered Fannie Mae and Freddie Mac to consider...

Retail Investors Can Now Buy Tokenized Shares of SpaceX via Blockchain

Retail investors can now buy blockchain-based fractional shares in SpaceX through Republic. These digital tokens...

Must Read

Sushiswap vs Uniswap, What are the differences between these dex?

It's no secret that the world of decentralized exchanges has exploded in recent years. Many of you are probably wondering what the difference is...