TLDR
- Two OKX users fell victim to a SIM swap hack on June 9, resulting in the theft of an undisclosed sum of funds.
- The attackers sent fake SMS notifications appearing to come from Hong Kong, tricking victims into creating new API keys with withdrawal and trading permissions.
- OKX is investigating the situation and has promised to take responsibility if the platform is found to be at fault.
- Following the security rumors, OKX has experienced substantial outflows, with users withdrawing approximately $837 million in the past week.
- Blockchain reporter Wu Blockchain revealed serious security flaws in OKX’s system, including the ability to bypass Google Authenticator verification and the lack of withdrawal bans for sensitive operations.
OKX finds itself in the spotlight following a series of security breaches and subsequent user withdrawals. On June 9, two OKX users fell victim to a sophisticated SIM swap hack, resulting in the theft of an undisclosed sum of funds.
The attackers exploited a vulnerability in the exchange’s SMS notification system, sending fake messages that appeared to originate from Hong Kong, which tricked the victims into creating new API keys with withdrawal and trading permissions.
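Two different victims had their exchange accounts drained in the early hours of this morning, and the methods and some characteristics of the two thefts turn out to be similar. Beyond the commonalities @AsAnEgg mentioned, these include the SMS risk notification coming from "Hong Kong" and the creation of a new API Key (with withdrawal and trading permissions, which is also why a matched-trade intent was suspected earlier; for now it looks like that can be ruled out).… https://t.co/pqIjqLhmkB
— Cos(余弦) (@evilcos) June 9, 2024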
This incident follows another recent attack on OKX, where cybercriminals used artificial intelligence (AI) to create fake videos to bypass the exchange’s security measures. The back-to-back breaches have raised concerns among users and industry observers about the robustness of OKX’s security architecture.
In response to the SIM swap hack, OKX has launched an investigation, contacting the affected users and promising to take full responsibility if the platform is found to be at fault.
The exchange has requested patience from its users during the investigation process and has recommended enabling two-factor authentication (2FA) to prevent further breaches.
Despite these assurances, the security concerns surrounding OKX have led to substantial outflows from the platform.
According to DefiLlama, users have withdrawn approximately $204 million in the past 24 hours and $633 million over the past week, totaling an alarming $837 million.
These mass withdrawals have made OKX the exchange with the largest outflows in the past seven days, while its main competitor, Binance, has seen a net inflow of $1.364 billion during the same period.
The situation has been further complicated by the findings of blockchain reporter Wu Blockchain, who conducted an analysis revealing serious shortcomings in OKX’s security settings.
Wu Blockchain highlighted three main issues:
- OKX allows users to switch to lower security verification methods, such as SMS, during sensitive operations like adding a whitelist address, withdrawals, and various verification changes, effectively bypassing Google Authenticator (GA) verification.
- The exchange does not trigger a 24-hour withdrawal ban for sensitive operations such as disabling phone verification, disabling GA verification, and changing the login password. Withdrawal bans only apply when logging in on a new device, compromising risk control measures for password changes.
- Withdrawals to whitelisted addresses are not subject to dynamic verification based on withdrawal amounts. Once an address is added to the whitelist, withdrawals up to the limit can proceed without further verification, unlike other exchanges that set limits requiring re-verification for larger amounts.
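The three controls whose absence is described above can be expressed as one authorization check. The sketch below is an added example, not OKX's code or Wu Blockchain's; the function names, the factor ranking, the event names and the $10,000 re-verification threshold are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Assumed values for illustration; the article gives no thresholds.
HOLD_SECONDS = 24 * 3600
REVERIFY_ABOVE_USD = 10_000
STRENGTH = {"sms": 1, "email": 1, "totp": 2}  # totp = Google Authenticator
# Events that start a withdrawal hold (the four the article names).
HOLD_EVENTS = {"disable_phone", "disable_totp", "change_password",
               "new_device_login"}

@dataclass
class Account:
    enrolled: set                                # factors the user has set up
    whitelist: set = field(default_factory=set)
    events: list = field(default_factory=list)   # (unix_ts, event_name)

def strongest(acct):
    """Strongest enrolled factor; sensitive actions may not step down from it."""
    return max(acct.enrolled, key=STRENGTH.__getitem__)

def authorize(acct, action, now, factor=None, address=None, amount_usd=0):
    """Decide a sensitive action (withdraw, add_whitelist, create_api_key,
    change_verification). Returns (allowed, reason)."""
    need = strongest(acct)
    strong = factor is not None and STRENGTH[factor] >= STRENGTH[need]
    if action == "withdraw":
        # Control 2: any recent security change freezes withdrawals for 24h.
        for ts, name in acct.events:
            if name in HOLD_EVENTS and 0 <= now - ts < HOLD_SECONDS:
                return False, f"24h hold after {name}"
        # Control 3: the whitelist only waives verification for small amounts.
        if address in acct.whitelist and amount_usd <= REVERIFY_ABOVE_USD:
            return True, "whitelisted, under threshold"
    # Control 1: everything else needs the strongest enrolled factor.
    if not strong:
        return False, f"{need} required, got {factor}"
    return True, "ok"

def sample_account():
    """Constructed sample: SMS + authenticator user who just changed password."""
    return Account(enrolled={"sms", "totp"}, whitelist={"addr-A"},
                   events=[(1_000, "change_password")])
```

With these rules, a request that presents only an SMS code cannot create an API key on an account that has an authenticator enrolled, which is the step the June 9 thefts relied on.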
These security shortcomings have exposed OKX users to significant risks, and the exchange must address these issues promptly to restore user confidence.
As the investigation into the recent attacks continues, OKX faces the challenge of balancing user security with the need to maintain a seamless trading experience.