Huobi Discovers and Fixes Major Security Flaw Putting Users at Risk

Critical Vulnerability Exposed Huobi's Cloud Storage for Over Two Years, Potentially Allowing Largest Cryptocurrency Theft in History

Huobi, one of the world’s largest cryptocurrency exchanges, found and fixed a security flaw that gave permissions to access its cloud storage. The credentials were out in the open for more than two years.

- Advertisement -

According to white hat hacker and journalist Aaron Phillips, the Amazon Web Services servers that were at risk hosted Huobi’s websites, as well as its CDN (Content Delivery Network).

There was information about its users and internal documentation that could have been leaked because of the bug.

In fact, according to the author of the report, if a hacker had detected Huobi’s security flaw before it was fixed, “he would have had the opportunity to carry out the largest cryptocurrency theft in history.” That’s because the blunder would have allowed him to steal both the accounts and assets of Huobi users.

Although Huobi removed the account exposed in the described security breach, the company still did not delete the file and the credentials can still be downloaded.

Fortunately for the company and its users, no one warned about this leak, which had been online since June 2021. It should be noted that there are no longer any security risks for users of the exchange, although there are privacy risks because of the data that has already been revealed.

Huobi, an exchange where millions are traded

Huobi, a Chinese cryptocurrency exchange founded in 2013, ranks among the top 15 exchanges with the highest daily trading volume in the world, with more than USD 390 million in the 24 hours prior to the writing of this article. For reference, Kraken, the third in this global ranking, trades more than USD 551 million every day.

- Advertisement -

In recounting how he came across this find, Aaron Phillips said, “As part of my effort to look through open Amazon Web Services (AWS) S3 buckets, I found a sensitive file containing AWS credentials. After some investigation, I discovered that the credentials were active and that the account belonged to Huobi.”

Huobi faced some problems in early 2023, following a wave of layoffs at the company. With the memory of the FTX exchange still fresh in the minds of many, rumors sparked a drop in the price of Huobi’s token.

However, the company, which counts renowned entrepreneur and Tron founder Justin Sun on its board of directors, seems to have weathered the storm.

- Advertisement -

READ NEXT

Previous Articles:

- Advertisement -

Latest

Pi, IMX, ZBCN in Focus as Key Token Unlocks Threaten More Losses

The crypto market experienced a sharp drop as Bitcoin fell from $111,900 to below $104,000, resulting in widespread altcoin declines.Investors are closely watching key...

Crypto’s “Inverse Cramer”: Trader Gains Millions Opposing James Wynn

A trader known as James Wynn became notable for a $1 billion Bitcoin short position on the Hyperliquid platform.Other crypto traders have started to...

Bitcoin Drops 10% From Highs Amid Quantum Computing Warnings

Bitcoin dropped nearly 10% from its record high, falling close to $103,000 after reaching $112,000 last week. BlackRock warned that advances in quantum computing could...

Czech Justice Minister Resigns Over $45M Bitcoin Donation Scandal

Czech Justice Minister Pavel Blazek resigned after controversy over accepting and selling Bitcoin from a convicted criminal.The Justice Ministry auctioned nearly 500 Bitcoin, raising...

Uniswap (UNI) Rebounds Above $6 After Brief Uptrend Breakdown

Uniswap's UNI token dropped below its key uptrend line following a failed hold above the $6.00 support level.High trading volumes accompanied the decline, including...

Must Read

Top 5 Testing Tools For Blockchain Applications in 2022

Blockchain apps have been adopted popularly by some prominent industries due to its being a decentralized-designed technology. Furthermore, these apps eliminate the risks that...