Huobi Discovers and Fixes Major Security Flaw Putting Users at Risk

Critical Vulnerability Exposed Huobi's Cloud Storage for Over Two Years, Potentially Allowing Largest Cryptocurrency Theft in History

- Advertisement -

Huobi, one of the world’s largest cryptocurrency exchanges, found and fixed a security flaw that gave permissions to access its cloud storage. The credentials were out in the open for more than two years.

According to white hat hacker and journalist Aaron Phillips, the Amazon Web Services servers that were at risk hosted Huobi’s websites, as well as its CDN (Content Delivery Network).

There was information about its users and internal documentation that could have been leaked because of the bug.

In fact, according to the author of the report, if a hacker had detected Huobi’s security flaw before it was fixed, “he would have had the opportunity to carry out the largest cryptocurrency theft in history.” That’s because the blunder would have allowed him to steal both the accounts and assets of Huobi users.

Although Huobi removed the account exposed in the described security breach, the company still did not delete the file and the credentials can still be downloaded.

Fortunately for the company and its users, no one warned about this leak, which had been online since June 2021. It should be noted that there are no longer any security risks for users of the exchange, although there are privacy risks because of the data that has already been revealed.

Huobi, an exchange where millions are traded

Huobi, a Chinese cryptocurrency exchange founded in 2013, ranks among the top 15 exchanges with the highest daily trading volume in the world, with more than USD 390 million in the 24 hours prior to the writing of this article. For reference, Kraken, the third in this global ranking, trades more than USD 551 million every day.

In recounting how he came across this find, Aaron Phillips said, “As part of my effort to look through open Amazon Web Services (AWS) S3 buckets, I found a sensitive file containing AWS credentials. After some investigation, I discovered that the credentials were active and that the account belonged to Huobi.”

Huobi faced some problems in early 2023, following a wave of layoffs at the company. With the memory of the FTX exchange still fresh in the minds of many, rumors sparked a drop in the price of Huobi’s token.

However, the company, which counts renowned entrepreneur and Tron founder Justin Sun on its board of directors, seems to have weathered the storm.


- Advertisement -
- Advertisement -
- Advertisement -


- Advertisement -

Must Read

Read Next
Recommended to you