Huobi Addresses User Phone Numbers Leaked in the Wake of Binance KYC Hack

Michael LaVere
  • Huobi addressed reports that user information is surfacing in dark-web marketplaces. 
  • Claims that most of the information being offered does not match their database, pointing to third-party hacks to blame. 

Cryptocurrency exchange Huobi addressed the fact that client phone numbers were surfacing online, in the wake of rival exchange Binance’s KYC hack earlier in the month.

Dark Web Sellers

According to a report published by news outlet The Block, several sources have said that Huobi user information has been surfacing on dark web marketplaces. The news comes just week after leading crypto exchange Binance allegedly suffered a KYC breach that saw personal information for users being spread through a Telegram chat. Binance has been hacked before for 7,000 BTC that got stolen off of its hot wallet back in May.

The anonymous sources claim that the same security concerns that implicated Binance in the breach apply to other cryptocurrency exchanges--a fact that has become clearer with Huobi user details allegedly emerging on the dark web. Hackers have been flaunting the sale of user information belonging to Huobi clients for the past week, with one Chinese dark web market offering the data for $0.30 a piece. 

The data in question involves the phone numbers of users and the text messages they received when withdrawing from the exchange, which can be used for a phishing scam by would-be criminals. 

According to the report, 

“One seller, who claimed to be a hacker, promised that these phone numbers are “absolutely real” and can yield a high pick-up rate, suggesting that potential scammers can expect responses when reaching out to these numbers. The hacker even added that these phone numbers’ ‘convert rate is decent for conducting a pyramid scheme.’”

In addition to Huobi, dark web hackers were offering user data from exchanges BIKI, Hetbi and ZDCoin. 

Huobi Responds

The Block was able to reach Huobi head of marketing Ross Zhang, who claimed that at least some of the user data being sold through dark web portals was false. According to Zhang, they ran user data being sold against their own database and found “only a negligible portion of the phone numbers are associated with Huobi accounts.”

He continued, 

“We suspect that the hacker is using Huobi’s name as a gimmick for their own business interests.”

A Huobi spokesperson speculated that the user data being peddled on the dark web may have been acquired through alternative routes, such as a third-party messaging provider. 

Bittrex International Closes Service for More than 30 Countries

  • Bittrex International is closing its service for clients in more than 30 countries, including Venezuela.
  • Users have until Oct. 29 to withdraw their funds from the exchange. 

Cryptoasset exchange Bittrex International will no longer be offering services to clients in more than 30 countries, including Venezuela and Egypt. 

According to the press release, the exchange informed customers residing in the now excluded countries that they would no longer be able to use the services of Bittrex International. 

Users will have until Oct. 29 to remove their funds from the exchange, 

On October 18, Bittrex International informed customers who reside in certain countries (see full list below) that they can no longer use the Bittrex International platform due to regulatory uncertainty. All trading and account access for these impacted customers will be halted on Tuesday, October 29 date at 19:00 UTC/21:00 CEST.

Bittrex International, which is based out of Malta, published a guide for withdrawing funds from the exchange, including a warning that customers must have 3 times the withdrawal fee amount in order to do so. 

Among the countries listed was Venezuela, which caught community members by surprise given the country’s growing adoption for crypto. 

Featured Image Credit: Photo via Pixabay.com