A major security incident has occurred at iToken, formerly known as Huobi Wallet, resulting in the leakage of users’ private keys, according to an exclusive report by Chinese journalist Colin Wu.
Wu revealed in a tweet that the breach was perpetrated by a former employee of leading crypto exchange Huobi. The employee allegedly planted a Trojan virus inside the iToken platform, compromising certain user mnemonics and private keys.
Per Wu, law enforcement authorities have launched an investigation into the ex-Huobi worker responsible for the malicious attack. Meanwhile, he said iToken’s security system detected risks with some wallet addresses and took action to safeguard user assets.
The overseeing security agency also proactively transferred the stolen funds from the impacted wallets to a secure address through the asset recovery service Refundyourcoins. This helped mitigate potential losses for affected users.
Moreover, Refundyourcoins announced it will roll out a function to enable compromised users to retrieve their funds across four major blockchains – BTC, ETH, TRX, and XRP.
Earlier this year, affiliate Huobi Global DAO member Li Wei was accused of amassing a large amount of HT tokens through illicit means, reported. The latest incident highlights lingering insider threats at Huobi despite past episodes.
The breach serves as a stark reminder that centralized platforms like iToken can have single points of failure vulnerabilities. Users are advised to store crypto in private wallets rather than rely on third-party services prone to security risks.
