On April 4th, 2018, coins from my Huobi account were stolen. How this happened, I’m not sure, but I have screenshots to support everything in this article. What I do know is:
a) 15,751 USDT and 2450 EOS were transferred out of my account on April 4th
b) I had 2FA installed
c) Huobi customer support is useless
d) The thief screwed up — he didn’t clean me out
You read that right — I still had coins in my account. For some reason the thief didn’t clean me out. It looks like they transferred out the maximum they could on April 4th and then chose not to come back for the rest. The saving grace is that my withdrawal limit is still small at Huobi; I was waiting to be verified for a higher level when this happened. The last couple days I’ve been transferring out the rest of the balance to my Ledger.
Here’s how it went down:
- The thief logs in on April 4th from this IP address (18.104.22.168)
2. The thief proceeds to convert 15175.89 USDT into BTC, and sells 2034.99 EOS for BTC (aw man… it’s one thing to have your coins stolen, it’s another thing to have them stolen by a bad trader)
3. The thief transfers out 3.91 BTC to this address: 16jzR2LBmZuRYgXN63f7yuVSiw5yQ3s91B
Then he disappears and never returns to my account.
When I log into my account on April 8th, I’m surprised to see that 2FA is not enabled. That’s strange. I always use 2FA. But this time I just enter my email and password, and voila! I’m into my account. I immediately notice that my balances look different. I also check my account settings and receive a further surprise — Huobi tells me “my ID verification has been approved” — but the name and nationality are not mine! My name is Kris and I’m from Canada. I do not know a Matthew Charles Le Compte from the United States. I wish I did — maybe he has my coins.
Naturally, my next step was to contact Huobi customer service, thinking they had authorized the wrong person to use my account and this was all some terrible mix-up. Here is what I wrote:
“Something is very wrong with my account.
I applied for ID verification a while ago but I believe you have verified the wrong person. I checked my account today and it says the account belongs to someone named Matthew Charles Le Compte! This is not me. My name is Kris xxxxxxxx and I sent you my ID documents a while ago.
The transactions on April 4th are not from me! Someone gained access to my account, converted EOS and USDT to BTC and transferred the BTC out on April 4th. I have lost 3.91 BTC from my account. These transactions were not from me. I had 2FA installed on my account, but now it is not installed and not accurate when I try to enter.
Something is wrong. Please open an investigation immediately.
Huobi replied to me a few hours later:
Not the response I was anticipating or hoping for. Out of everything I wrote, customer service asks me what problem I encountered when binding Google. Okay, he’s not fully understanding the situation, I think to myself. Let’s try this again:
These are the problems:
1.) On April 4th someone hacked my account and stole 3.91 BTC
2.) You have incorrectly verified some person named “Matthew Charles Le Compte” to my account (see attachment). This is not my name. My name is Kris xxxxxxxx.
3.) The Google 2FA I linked to my account is no longer turned on
4.) I cannot turn on 2FA because the codes I am entering do not work
Please help me get the 3.91 BTC returned to my account. I would hate to have to tell people I have been hacked at your exchange.
Customer service replies with this:
Hello, it is no problem to check your transaction at the moment, and please check whether your mailbox is safe, if you need to change it into other mailbox numbers in time, and see that your Google is not in use. Please click on the top right corner of the web page — reverse triangle — point account security — enable a Google verification code, so you can next time When you withdraw money, you need Google verification code. For safety, I suggest you operate as soon as possible. If you have other questions on the right, please reply to us in time.
Huobi Pro Customer Service Center”
I’m not sure what part of “I cannot turn on 2FA because the codes I’m entering do not work” customer support is not understanding. Even when I generate a new 2FA code, it doesn’t work. Something is clearly wrong with my account, but I’m getting nowhere with Huobi customer service.
So I here I am, writing this article.
I don’t think I will ever get the coins returned to me. But one thing I am sure of — I will never use the Huobi exchange ever again. It’s full of glitches, they have weak security, and they authorized the wrong person to my account.
Never again Huobi.