On December 22, 2022, a major security breach affected many users of crypto trading platforms, including myself. I want to share my story to raise awareness and seek help in recovering my lost funds.
Setting the Stage
Back on September 26, 2022, I set up an API key for my Huobi account through a third-party platform. This key was meant to be a "read-only" key, ensuring no trading or withdrawal permissions. My goal was to use the platform's tools while keeping my assets safe.
The Shocking Discovery
To my dismay, on February 4, 2023, I discovered that an unauthorized trader accessed my Huobi account using the API key. This intrusion originated from an IP address in Canada, between 14:00 and 23:30 KSA time. No notifications or alerts were received about this breach, despite the security measures I had in place.
The Attack Details
During the breach, the intruder made several changes to my funds and executed numerous transactions without my knowledge or consent:
All my tokens were sold off.
USDD worth $8,500 was purchased.
Using the USDD, Mask Coin was bought at $9.90 and then sold at $4.30. This seemed to be strategically timed with a major price swing on February 5, indicating prior knowledge of market movements.
These unauthorized transactions caused my balance to plummet from 9,500 USDT to 1,700 USDT, a staggering loss of about 60% of my funds. I have documented evidence, including screenshots, proving that these activities were not mine.
Immediate Actions Taken
As soon as I discovered the breach, I changed all my account passwords, including login, trading, and withdrawal credentials. I was able to successfully withdraw the remaining 1,700 USDT, safeguarding what was left of my funds.
I immediately contacted both Huobi and the third-party platform support teams, providing detailed information and evidence of the unauthorized transactions. Unfortunately, the responses so far have been inadequate, leaving me without a resolution.
Seeking Answers and Solutions
Despite my robust security measures, including using a highly secure iPhone, this breach occurred. I have never lost my phone or shared my passwords, making this security lapse alarming. The unauthorized access from Ontario, Canada, raises serious concerns, especially since my account has always been accessed from KSA, and I have never been to Canada.
I have disabled and deleted my API key and application following the API attack in December 2022. I have filed complaints with both platforms, providing detailed information and documentation of the February 5 transactions.
A Plea for Help
I am reaching out to the community and relevant authorities for assistance in recovering my lost funds. I am willing to offer 30% of my recovered portfolio as a reward for any help that leads to a successful resolution.
In Conclusion
This experience has been distressing, and I hope that by sharing my story, I can prevent others from falling victim to similar attacks. The lack of security and accountability from both platforms is concerning. I urge them to take swift action to address these vulnerabilities and assist affected users in recovering their losses.
Disclaimer
The information provided in this article is for general informational purposes only and does not constitute legal or financial advice.
Author & Crypto Consultant
Shahid Jamal Tubrazy (Crypto & Fintech Law Consultant)
Shahid Jamal Tubrazy, a certified top expert in Crypto Law from Duke University, specializes in #cryptocurrency and #blockchain. As a #FintechLawyer, his services cover legal guidance for #ICOs, #STOs, #DeFi, #DAO, and more. With a strong track record and published books on #BlockchainRegulation and #cryptocurrencyLaws, he offers comprehensive expertise in navigating fintech's complexities. #CryptoAML #LockedAssets #FrozenAssets 🌐💼.
EMAIL: shahidtubrazy@gmail.com
Comments