Three front-end engineers from iToken conspired to implant a "backdoor" to steal encrypted wallets, each sentenced to three years in prison According to Yuntiao, from March to May 2023, three front-end development engineers, Liu, Zhang, and Dong, conspired to illegally obtain others' digital wallet private keys, mnemonic words, and other data by embedding a "backdoor" in the iToken APP application package in advance, and uploaded them to the database of the pre built VPS backend server corresponding to the specified domain name, and then downloaded them to the local server. After identification, a total of 27622 mnemonic words and 10203 private keys were illegally obtained (all of which have been deduplicated). The above-mentioned mnemonic words and private keys were successfully converted into 19487 digital wallet addresses (deduplicated). Liu is responsible for writing the code for the request logic; Zhang is responsible for setting up VPS and database, as well as uploading iToken to Android; Dong is responsible for purchasing domain names, encrypting user private keys, and uploading iTokenIOS. All three defendants were sentenced to three years in prison and fined RMB 30000 for illegally obtaining computer information system data. The defendants Liu, Zhang, and Dong are prohibited from engaging in network security management, network operations, and related work for three years from the date of completion of their sentence.