Author

Topic: [Warning] Even the official links aren't safe anymore. (Read 350 times)

full member
Activity: 462
Merit: 117
This should serve as a warning to newbies and other members who like leaving their assets to centralized exchange. Centralized exchange can not guarantee their own safety not to talk of investors funds and assets. Huobi should be amongst the top 5 world known exchange but yet they had suffered hack. This should be a lesson to people holding or using centralized exchange for savings.

I have this feelings that most of this big time hacks always have the hands of an insider leaking out information and also a regular pattern being used by the exchanges repeatedly also makes it porous for a breach of security codes which paves way for hackers venturing or targeting that exchange to succeed in their act. From the looks, that telegram link was planted by the hackers after they gained access to their site.

Lastly, it should be known that your 12 or 24 key phrase is your personal property and at such should be guarded with utmost caution. Do not give anybody your keys otherwise you stand loosing your assets to scammers. Remember "not your keys, not your coins".
newbie
Activity: 129
Merit: 0
When we advice and warn newbies on here about clicking on random links, we always end them advice with finding official links to everything, including software for PCs or apps for smartphones, but today I screamed out loud, saying...

 Angry it wasn't supposed to be the official link  Angry

I planned to sell my BTC on the Huobi exchange, and I am not new to this exchange at all, I know about their official links, including their Twitter account, telegram, and discord channel, but something new happened.

I login to my huobi account as usual and I got a message that they stop the BTC deposit for some maintenance until further notice, cool and acceptable, but I was curious to know when the deposit will be back, so I click on their official telegram link.

Before you ask why the link when I am not new to the exchange, I joined too many telegram channels and scrolling through them to find huobi telegram seen annoying so I went through the exchange link.

https://i.postimg.cc/zfRvgh2H/Screenshot-2023-09-25-09-00-42-874-com-android-chrome-edit.jpg


Here is what popped up after clicking on the link

https://i.postimg.cc/zXJkFDrG/Screenshot-2023-09-25-08-58-53-919-org-telegram-messenger-edit.jpg

They are trying to give me money, that I don't work for, $1000 USDT, and the funny part is the official telegram channel do open up as well, and it's the old popular Huobi telegram channel that I've always used, now this crap is asking me to insert my recovery seed to claim this free $1000 USDT.

For the fact that I click on the official Huobi telegram group, this is enough to confuse some people to insert their recovery seed, like what the hell? Coming from the official link? Like I share this to educate mostly crypto beginners, even if it's a messiah that comes asking for your recovery seed, you will be a fool to have trust them, do not trust any body with your recovery seed, it's yours and it should be yours only and privately.

Peace ✌️

Isn't there a method via which you can test for the authenticity of the exchange links before going further? Exchanges needs to implement this. I mostly use Bitget for transactions and the sorts and they have a method via which you can verify links, staffs etc.  
hero member
Activity: 2520
Merit: 952
Would usually go to Twitter/Discord to find official links of particular platform, however recently handles on these channels get frequently hacked and scammer change 'official' links soon after, myself was recently phished similar way.

What's the way? Now, check for links on multiple social medias of that platform, previously it used to be only 1 (mostly Twitter), and hope not everything is hacked in single go.

If it's something popular, there will be other people cautioning you, too.
full member
Activity: 1176
Merit: 140
No it's not a clone because I have app running on my smartphone as always, like I've said I am already a member of their official telegram group, even if it's clone it won't never direct me to the official telegram group, but this opened up two link, one is the official telegram and the other is the telegram channel asking for my recovery seed.
If that's the case, the hackers must have messed up with the source code of the platform and placed an extra ref tag that opens up two links by clicking on the official link and users are redirected to the scammer's telegram account where he is pretending to be the officials and scamming people out of their money. This must be reported and they should check all the links and refs in their source code and rectify all of them if they are compromised.

All in all, free things are bad, many people are able to believe the link because its from the official platform itself, if you are able to doubt that I did something wrong, it shows that if you are 100% of the link you visiting you will also have given up your recovery seed.
As they say, there is no free lunch. So, people need to understand and remember such things that no one will give us $1,000 USDT for doing nothing and there must be a catch behind that and they shouldn't just give away their private keys or seed phrases just like that.
legendary
Activity: 2576
Merit: 1655
It's obvious a fake site @OP, so it's not the official link. But I do agree that everyone is not safe on the world that we live in crypto. Everyone can be deceived by this scammers as they are good at impersonating this site and it looks like it's the very official site.

So lessons here is that even if we thought that the link official, we will have to double or triple check everything as once we fall for it, there is no coming back. So it's good that you are giving warning to everyone here, just sort of wake up call or gently reminder for us as we might be the next victims here.
hero member
Activity: 2870
Merit: 574
Vave.com - Crypto Casino
Thanks for the information @OP.
But instead of contacting the site via Telegram, I will contact the representative via email because, after the hacking case on Huobi some time ago, hackers will still try to cheat Huobi users in many ways.
Telegram is the perfect place to get potential targets that they deceive and maybe someone has already been deceived through Telegram.
I will think twice about contacting a Huobi representative via Telegram because scammers are already using Telegram and we don't know or have difficulty distinguishing between the official Telegram from that site or a fake Telegram created by hackers.
They could get members in the Telegram group so that the target believes they are Huobi's representatives on Telegram.
hero member
Activity: 2744
Merit: 588
Thanks for the awareness OP but yeah, I also believe that even official links are not completely safe so one should still exercise with caution. And the fact that the site is giving you a free money without any deposits, well that’s odd. That alone is already a red flag. I have not experienced this but I think the Houbi exchange has issued an explanation about that. Try to visit again their site and probably you can see some reviews same to what you experienced, that will answer your doubts about houbi exchange.

Also, doubt the legitimacy of the request if it is too-good-to-be-true offer.
Even official channels have their black sheeps working inside trying to milk naive customers.
Just exercise your common sense, and if you are not very sure of your action, try to consult the community.
This forum alone have valuable members who are serious in busting scammers, and will try to assist you in any way they can.
This is why for me, this forum is like a hidden gem waiting to be tap by most crypto users, if they are not yet a member here.
hero member
Activity: 2940
Merit: 613
Winding down.
Thanks for the awareness OP but yeah, I also believe that even official links are not completely safe so one should still exercise with caution. And the fact that the site is giving you a free money without any deposits, well that’s odd. That alone is already a red flag. I have not experienced this but I think the Houbi exchange has issued an explanation about that. Try to visit again their site and probably you can see some reviews same to what you experienced, that will answer your doubts about houbi exchange.
sr. member
Activity: 854
Merit: 424
Playbet.io - Crypto Casino and Sportsbook
As wise man once said "Not Your Keys, Not Your Coins"Wink
He is a wise and careful man but who is he?  Cheesy

He's Andreas Antonopoulos and the first time he said about that is in Israel.

It's featuring by Andreas and he exactly said:

"Your keys, your Bitcoin. Not your keys, not your Bitcoin."

Bitcoin glossary

Quote
Or, as we in the IBA like to say:

If you don't have a private key, you don't have Bitcoin.

If your bitcoins are held in a 3rd party hosted wallet, you don't have Bitcoin.

If your bitcoins are in a hybrid wallet and you have no wallet backup, you don't have Bitcoin.

If you don't know what kind of wallet your bitcoins are held in or whether you control the private keys, you don't have Bitcoin.

If you don't even remember which wallet your bitcoins are held in or where it is, and your plan is to contact the Bitcoin Corporation to tell you which wallet you've opened and restore everything for you, you don't have Bitcoin.

If you have a wallet backup and password and everything is good, but in your will you have not specified details on how to access the bitcoins... You may have Bitcoin, but if something should ever happen to you, your family doesn't have Bitcoin.

If you believe you have Bitcoin, there's a decent chance you don't have Bitcoin.
sr. member
Activity: 938
Merit: 334
DGbet.fun - Crypto Sportsbook
Are you sure that you entered into their official website?

Because when I visited their official link which is : https://www.huobi.com/en-us/ I don't find any such telegram links like you shown in the screenshot so possibly you ended into a clone of Huobi aka HTX while searching the name on Google.

Always bookmark the official links, never trust the results appear on Google search.

No it's not a clone because I have app running on my smartphone as always, like I've said I am already a member of their official telegram group, even if it's clone it won't never direct me to the official telegram group, but this opened up two link, one is the official telegram and the other is the telegram channel asking for my recovery seed.

I am also aware that Huobi is now called HTX, I have their app on my phone all this while and I always use the app with no issue, I believe this is why people are able to fall for the hack that took place days ago, it's a slick move from the hackers.

All in all, free things are bad, many people are able to believe the link because its from the official platform itself, if you are able to doubt that I did something wrong, it shows that if you are 100% of the link you visiting you will also have given up your recovery seed.
legendary
Activity: 1932
Merit: 1273
Not clicking suspicious or unknown links should inherently come/based on the understanding of what is contained within and its capabilities (requesting seed phrase, wallet connection request, etc.). So if the essential knowledge is comprehended, any absurd permission request, even if it is from the "official", can be ignored.

This case is surely a neglect from the exchange, a fatal one, I suppose. It might convey that they do not care about users' safety, and do not guarantee a safe space with their services. Having defunct services yet still showing it from their end is surely an unforgiving mistake. However, Telegram also plays its part in having a questionable policy where an old username can be used again.
legendary
Activity: 2576
Merit: 1043
Need a Marketing Manager? |Telegram ID- @LT_Mouse
This is the handiwork of hackers. Cointelegraph reported that Huobi exchange have been hacked. According to the report, $7.9 million worth of assets have been stolen. This is another proof that centralized exchanges are not safe for storage of funds. Several posts have been made to show the danger of storing funds in CEX and I guess people are learning and making adjustments accordingly.

Let's hope they are able to arrest the situation before it get out of hand.
It has been, and it will never will be a safe storage of our assets.
With the number of hacks happened not only with Huobi, but in all of the Centralized exchanges, and even DEX'es combined, do you still think that it's still safe to store our assets there? Unfortunately, there are many investors, especially newbies who don't learn from this one, and still store their assets there maybe because they're giving free tokens just by storing your assets there. Like staking, but on an exchange.

Arrest? Remember Axie Infinity where they got hacked, and lost around $600M. Correct me, but the perpetrators on that hack didn't get arrested. What are the chances that the hackers who hacked Huobi will get arrested? 0% unless they will say it in public that they hacked the exchange, but that would be an absolute bullsh*t.

As for the investors who are still trying to store their assets in an exchange, you will only learn once you lost your money because the exchanged got hacked. Don't store your assets there. Giving you a certain percentage in exchange of storing your assets there isn't enough to cover your losses if they got hacked.
hero member
Activity: 3234
Merit: 774
🌀 Cosmic Casino
I don't use huobi but I follow them on their social media platforms. I think that there was this issue also in the past from blockchain.com wherein their one telegram channel was also compromised and replaced. Good thing that you guys have reported this already to them and let them bust that and replace that with their official channel's link. Looking at these series' of hacks, they're too many and we're not yet even in the bull run. A lot of money are outflowing on this market and are just going with these hackers.
sr. member
Activity: 1372
Merit: 348
It looks like aside from the exchange, the hacker also got a hold of the official telegram account of Huobi, reason why it injected a bot link that asked for seed phrase pretending to give $1000  in return.

This mean we should have a present of mind and not be blinded by greed whenever there is a giveaway offer.  We should look at what lies beyond that offer and see if it will compromise our data information's safety.  We should be aware of possible phishing attempt or malware injections in undergoing the process of giveaways and airdrops.  This information from @OP should serve as an example that even the official links can be compromised.
hero member
Activity: 1428
Merit: 513
Payment Gateway Allows Recurring Payments
As wise man once said "Not Your Keys, Not Your Coins"Wink
And this only wise thing saved the OP, because he knew that if you don't own the key, then your coins are gone too. That's why he did not fall for such a sh*t attempt. I doubt there would be many newbies who might have fallen for this scam. And as ZainMalik75 has already stated, this might be an attempt by the hackers. When they hacked the Houbi exchange,

I was also going to mention that hack, which took place like 3 or 4 days ago, and the amount was definitely not that much, but the attempt was an attempt, and it left a bad impact on the reputation. We definitely do not place our funds on any centralised exchange because they are vulnerable to many hacks.

For example, the hack of the CoinEx exchange (shared by some local members in our community), according to reports that I read two days ago, has already crossed almost 1 billion dollars from January to August. I mean, in 8 months, hacks have nailed it.

Who knows the inside jobs, but all hands are pointed towards North Korea's hacker. 
hero member
Activity: 1834
Merit: 879
Rollbit.com ⚔️Crypto Futures
Thanks a lot for sharing this news. I am not a regular user of the Houbi exchange for many reasons, one of which was the recent news about the liquidity problems that Houbi is facing. Many people warned here on BTT to withdraw funds from that exchange. And I hope many have withdrawn their funds. I don't know if you are aware of the current hack that occurred in Houbi Exchange.
Just catching up with this hack now, and am surprised that the amount lost was not a colossal sum like what we used to seeing...

Perhaps the warnings did not fall on deaf ears and people did actually listen & moved funds out of the exchange.

Hackers took around $8 million; they belonged to China and also got caught, and they were given a time of 7 days to return the funds with a 5% bonus.
Looking at how fast it took to find the culprits makes this sound/look like an inside job and whoever cracked this had an easy lead to follow.

Oh btw didn't see anything that said they caught these guys besides their bluff of "we know your identity note on addy" are these guys serous lol

To be honest, I like the way they take opportunities and do not leave any door open for the users to not become victims of the hack.
Unfortunately hackers are more resourceful in finding all these loopholes and if our crypto companies don't take an aggressive approach in trying to zero down on all these system breaches we shall keep getting such news year in, year out!!

Best approach is to have lucrative bug bounties to fight all this...
hero member
Activity: 812
Merit: 560
When we advice and warn newbies on here about clicking on random links, we always end them advice with finding official links to everything, including software for PCs or apps for smartphones, but today I screamed out loud, saying...

It is important that we don't play or joke with every advise and information coming from this platform, exchanges have been said repeatedly to be one of the bad actors to why we lost our financial assets, if not your keys then not your coins, it's time we take care of how we make downloads, click links and visit some websites that we are not even sure about, every means that may leads to our attack should be avoided and this recent compromise should serve a lesson on those still on other exchanges with their assets.
hero member
Activity: 1414
Merit: 670
Thanks a lot for sharing this news. I am not a regular user of the Houbi exchange for many reasons, one of which was the recent news about the liquidity problems that Houbi is facing. Many people warned here on BTT to withdraw funds from that exchange. And I hope many have withdrawn their funds. I don't know if you are aware of the current hack that occurred in Houbi Exchange.

Hackers took around $8 million; they belonged to China and also got caught, and they were given a time of 7 days to return the funds with a 5% bonus. You can read the news here.

https://cryptobriefing.com/crypto-exchange-huobi-hacked-for-7-9-million/

I think those hackers might have inserted these links on their platforms, and when you click on them, you are led straight to the telegram bot where they ask you for the recovery phase. And I think many might have lost their funds to this trick.

To be honest, I like the way they take opportunities and do not leave any door open for the users to not become victims of the hack.
sr. member
Activity: 728
Merit: 300
Love Bitcoin🖤
For the fact that I click on the official Huobi telegram group, this is enough to confuse some people to insert their recovery seed, like what the hell? Coming from the official link? Like I share this to educate mostly crypto beginners, even if it's a messiah that comes asking for your recovery seed, you will be a fool to have trust them, do not trust any body with your recovery seed, it's yours and it should be yours only and privately.

Peace ✌️

This is the most commonly used trick that is always used by scammers. This type of scamming is called a phishing scam. In this method, the scammer designs the site just like the official one and then shares or sends it to someone, and people always trust it as they use the official name and logo. And after that, they offer free money to you. But the question is why people always trapped in their scams so there are according to me is three possibilities.

**It may be possible that the person who has been scammed may not be aware of the phishing scams.
**The second one is that they use the branding and logo of that official site so people can easily trust them.
**And the third one and I think it is the most effective one is that they know how much people are greedy and they hold this greedy nature of people and offer free money.

The official Houbi does not ask for your seeds because that is not their policy let's suppose if they ask for your seeds then think about whether your wallet is safe or not. How is it possible that you give your own wallet control to a stranger? The wallet is to save your funds and no one can access your wallet. So be active and not be stupid to spread your own seeds when you create a wallet at the time of giving the key they also mentioned that do not share your keys with anyone.
legendary
Activity: 3472
Merit: 3217
Playbet.io - Crypto Casino and Sportsbook
I'm sure you got a fake official telegram even if you joined on real Huobi telegram group when you search for Huobi and try to access the group you will get the fake telegram group.
This issue is very common in telegram it happens to me on the Coinex telegram group ask them about suspended withdrawal but suddenly mods chat me and asking for wallet seed phrase I wondered why they ask about my seed phrase that is why I search and try to contact them through Coinex email and confirmed that the Coinex telegram group that I access is fake.

The fake one looks the same as the original Coinex telegram they add the same people from the original to the fake one which is why they also pop up on our telegram.
sr. member
Activity: 322
Merit: 318
The Alliance Of Bitcointalk Translators - ENG>BAN
As wise man once said "Not Your Keys, Not Your Coins"Wink
legendary
Activity: 2310
Merit: 4085
Farewell o_e_l_e_o
Angry it wasn't supposed to be the official link  Angry

Before you ask why the link when I am not new to the exchange, I joined too many telegram channels and scrolling through them to find huobi telegram seen annoying so I went through the exchange link.
What you see visually can be an official website link or a phishing link. There are some types of phishing attacks and one of they is Puny code.

Punycode and how to protect yourself from Homograph Phishing attacks?

You must double check many things including third party websites like Coinmarketcap and Coingecko. Don't automatically trust search results from Google or any search engine.

If you want to visit an official link, download a wallet software, you must do more, verify it digital signature, PGP key like this one with Electrum wallet.

[GUIDE] How to Safely Download and Verify Electrum
Security checklist
hero member
Activity: 602
Merit: 543
This is the handiwork of hackers. Cointelegraph reported that Huobi exchange have been hacked. According to the report, $7.9 million worth of assets have been stolen. This is another proof that centralized exchanges are not safe for storage of funds. Several posts have been made to show the danger of storing funds in CEX and I guess people are learning and making adjustments accordingly.

Let's hope they are able to arrest the situation before it get out of hand.
legendary
Activity: 2002
Merit: 2534
The Alliance Of Bitcointalk Translators - ENG>SPA
I'm not aware about the mentioned hack but that would be the most reasonable explanation of what happened.

When I first read the title of this topic I thought about a DNS hack, so, although it doesn't seem to be the case this time, anyone should be aware that, indeed, "even the official links aren't safe anymore", and I'm curious about who of us uses IPs instead of URLs.
hero member
Activity: 812
Merit: 619
Yes this is very serious issue, hackers are very active and they are looking for every door to enter and decieve people. This time they got a very special way to scam people. I asked in telegram official group and surprisingly, he didn't know either. let's me to tell what's actually happened.

Huobei updated their telegram group or username and telegram have a policy that after some time of inactivity they delete group/channel and then anyone could use same username/channel name. Scammer find this and created channel/group with same name. Is this is very old article Houbei team didn't aware about it.

Here are some discussion that I made with admin




Thanks OP , you did a well job by exposing here and now Houbei team will also remove these scam links



Are you sure that you entered into their official website?

Because when I visited their official link which is : https://www.huobi.com/en-us/ I don't find any such telegram links like you shown in the screenshot so possibly you ended into a clone of Huobi aka HTX while searching the name on Google.

Always bookmark the official links, never trust the results appear on Google search.

OP is right, this is official link but old data. you can check below

Code:
https://www.huobi.com/support/en-us/detail/44890678845210
sr. member
Activity: 630
Merit: 298
Just like what others have said, the mistake is coming from You, it is obvious you gone through the wrong link. Maybe you should post the link here to help someone newbies identify the clone one.

Now the question is which application did you login your account into because you said it was from there you went to his clone site, if it is so then I think you have a bigger problem at hand because it seems you are using a wrong/phishing app or link to login to your houbi account
legendary
Activity: 2380
Merit: 5213
I login to my huobi account as usual and I got a message that they stop the BTC deposit for some maintenance until further notice, cool and acceptable, but I was curious to know when the deposit will be back
That's probably due to their recent hack. For more information, you can visit the topic created by Rikafip.
HTX (Huobi) hacked, $8 million lost


I don't find any such telegram links like you shown in the screenshot so possibly you ended into a clone of Huobi aka HTX while searching the name on Google.
If you scroll down to bottom of the page, you can see some buttons that can redirect you to their telegram group, Instagram, Facebook, etc.
The link to their telegram on their website is different from what displayed on the image shared by OP.

Z390, you are probably getting the link from a fake website.
sr. member
Activity: 910
Merit: 284
Are you sure that you entered into their official website?

Because when I visited their official link which is : https://www.huobi.com/en-us/ I don't find any such telegram links like you shown in the screenshot so possibly you ended into a clone of Huobi aka HTX while searching the name on Google.

Always bookmark the official links, never trust the results appear on Google search.
sr. member
Activity: 938
Merit: 334
DGbet.fun - Crypto Sportsbook
When we advice and warn newbies on here about clicking on random links, we always end them advice with finding official links to everything, including software for PCs or apps for smartphones, but today I screamed out loud, saying...

 Angry it wasn't supposed to be the official link  Angry

I planned to sell my BTC on the Huobi exchange, and I am not new to this exchange at all, I know about their official links, including their Twitter account, telegram, and discord channel, but something new happened.

I login to my huobi account as usual and I got a message that they stop the BTC deposit for some maintenance until further notice, cool and acceptable, but I was curious to know when the deposit will be back, so I click on their official telegram link.

Before you ask why the link when I am not new to the exchange, I joined too many telegram channels and scrolling through them to find huobi telegram seen annoying so I went through the exchange link.




Here is what popped up after clicking on the link



They are trying to give me money, that I don't work for, $1000 USDT, and the funny part is the official telegram channel do open up as well, and it's the old popular Huobi telegram channel that I've always used, now this crap is asking me to insert my recovery seed to claim this free $1000 USDT.

For the fact that I click on the official Huobi telegram group, this is enough to confuse some people to insert their recovery seed, like what the hell? Coming from the official link? Like I share this to educate mostly crypto beginners, even if it's a messiah that comes asking for your recovery seed, you will be a fool to have trust them, do not trust any body with your recovery seed, it's yours and it should be yours only and privately.

Peace ✌️
Jump to: