Many OKX Users Lose Funds Due to Identity Theft

The incident involving OKX users losing assets due to a two-factor authentication (2FA) security vulnerability has revealed new developments.

Azcnews Many Okx Users Lose Funds Due To Identity Theft

According to a post on its Chinese X account on June 12th, the cryptocurrency exchange OKX confirmed a data breach that resulted in the theft of user assets. “The issue is currently under investigation by the authorities, and we cannot provide further details at this time,” the exchange stated in the post.


Earlier, on June 10th, two OKX users reported a security vulnerability on social media, claiming it allowed hackers to access their accounts and drain their wallets. Blockchain security firm SlowMist identified similarities between the incidents, noting that a new API key was created after users received SMS alerts from Hong Kong to verify that the account holder was conducting the transactions.

On June 10th, Web3 security group Dilation Effect asserted that attackers exploited a security flaw in OKX, allegedly allowing users to disable Google Authenticator (GA) or SMS verification without triggering the 24-hour withdrawal suspension system for certain activities.

However, the exchange has denied this claim after conducting an investigation, refuting the speculations about a security flaw in its verification system. OKX stated, “This incident is not related to the choice of Google Authenticator or SMS verification.” Instead, they suggested that the breach might have occurred because malicious actors forged OKX users’ documents, thus obtaining sensitive information and bypassing identity verification measures.

In a recent X post, OKX mentioned that they have compensated and will continue to compensate affected users. According to a report by Wu Blockchain on June 12th, the two users whose accounts were compromised have received full reimbursement from the exchange. To prevent future incidents, OKX announced that it will mandate the use of Google Authenticator for all transactions.


The exact number of users whose identities were stolen and accounts drained has not yet been disclosed by OKX. However, the amount of money involved appears substantial. Recently, a hacker breached the account of Crypto Lala, the operations manager of the Singapore-based market maker QuantMatter, and stole $11.6 million from the wallet.

This theft occurred on May 30, 2024, according to the post. Despite the account being secured with offline Google Authenticator (GA), the cause of the hack remains unclear and requires further investigation.

The hacker added whitelisted addresses and converted the stolen funds into BTC, ETH, USDC, and USDT. Subsequently, the hacker transferred all the funds to an on-chain wallet address. Currently, the money remains in that wallet without any signs of movement.


“The hacker had full access to my account. They converted everything to ETH and withdrew all my funds within 25 minutes. I noticed this through one of my sub-accounts. When I checked my main account, all the money had been stolen,” the post revealed.

Speculations suggest that the hacker may have used offline GA verification to steal the funds, indicating that the GA information of the market maker was compromised.

The true cause of the incident, the estimated number of affected users, and the extent of the damages remain unclear. However, this incident serves as a wake-up call for the security systems of centralized exchanges utilizing Google Authenticator. It highlights the need for stricter security measures to better protect users in the Web3 space.

(88 votes)

1.1/5

(88 votes)
  1. Avatar of
    Anonymous

    Wow

  2. Avatar of
    Anonymous

    okx监守自盗啊,还在这糊弄人呢

  3. Avatar of Ali
    Ali

    نوش جان هکر.این صرافی و همه صرافی‌هایی که به ناحق مردم مظلوم ایران را از حقشان محروم کرده یا می‌کنند به دلیل نقض عدالت از عذاب خداوند نمی‌توانند فرار کنند و به این طريق تابان سختی را میدهند

Comments are closed.

Latest

Xrp Lawyer Refutes The Biggest Lie In The Crypto Industry

News | Editor Choice | Policy & Regulations

XRP Lawyer Refutes the Biggest Lie in the Crypto Industry

Ripple lawyer Bill Morgan firmly refutes accusations that XRP lacks legal clarity, calling it “the biggest lie” in the crypto industry today.

How To Participate In Wump Airdrop

Airdrops | Editor Choice

How to Participate in Wump Airdrop

Join the airdrop hunt for the Wump project, inspired by Telegram projects but developed on the Discord platform.

Meta Drops Bitcoin Purchase Proposal, Zuckerberg May Be The Opponent

News | Bitcoin | Editor Choice

Meta Drops Bitcoin Purchase Proposal, Zuckerberg May Be the Opponent

Meta has rejected a proposal to include Bitcoin in its asset class, showing that the tech giant remains cautious about the cryptocurrency investment trend even as many large businesses are gradually joining the game.

Elon Musk Launches Xchat Inspired By Bitcoin

News | Bitcoin | Editor Choice

Elon Musk Launches XChat Inspired by Bitcoin

Elon Musk has just unveiled XChat — a new messaging feature on the X platform that integrates Bitcoin-level encryption and is developed using the Rust programming language, promising to set a new benchmark for security and privacy in digital messaging.

Price Prediction For Pi By The End Of 2025

Pi Network | Editor Choice

Price Prediction for PI by the End of 2025

According to CoinDCX, the price of PI Coin may see an uptrend by the end of this year and could recover to the range of $2 to $2.8.