Three iToken Frontend Engineers Conspired to Implant a "Backdoor" to Steal Cryptocurrency Wallets, Each Sentenced to Three Years in Prison

BlockBeats News, April 16th. According to Cloud Headline, from March to May 2023, three frontend development engineers, namely Liu, Zhang 1, and Dong 2, conspired to pre-implant a "backdoor" in the iToken APP application package, illegally obtaining others' digital wallet private keys, mnemonic phrases, and other data, and uploading them to a pre-built VPS backend server database corresponding to a designated domain name, then downloading them to a local server. Upon identification, a total of 27,622 mnemonics and 10,203 private keys (both deduplicated) were illegally obtained. The aforementioned mnemonics and private keys were used to generate 19,487 unique digital wallet addresses. Liu was responsible for writing the request logic code; Zhang 1 was in charge of setting up the VPS and database, as well as uploading on the iToken Android end; Dong 2 handled domain name purchase, encrypted user private keys, and uploading on the iToken iOS end.

After the defendants Liu, Zhang 1, and Dong 2 were taken into custody, they all confessed to the aforementioned criminal facts. The court held that the defendants Liu, Zhang 1, and Dong 2 conspired to violate state regulations, used other technical means to illegally obtain computer information system data, and the circumstances were particularly serious. Their actions constituted the crime of illegally obtaining computer information system data and should be punished. The public prosecutor's accusations were established. The three defendants were sentenced to three years in prison and fined RMB 30,000 each for the crime of illegally obtaining computer information system data. Liu, Zhang 1, and Dong 2 are prohibited from engaging in network security management, network operation, and related work within three years after the completion of their sentence.