Many OKX Users Lose Funds Due to Identity Theft

According to a post on its Chinese X account on June 12th, the cryptocurrency exchange OKX confirmed a data breach that resulted in the theft of user assets. “The issue is currently under investigation by the authorities, and we cannot provide further details at this time,” the exchange stated in the post.

关于近期个别客户账户出现安全事件的情况说明

1. 所有此事件的有关用户都已经/马上得到圆满解决；
2. 此事件与谷歌验证器或短信验证的选择无关，但是 #OKX 确实推荐有能力的用户使用谷歌验证器；
3.…

— OKX中文 (@okxchinese) June 12, 2024

Earlier, on June 10th, two OKX users reported a security vulnerability on social media, claiming it allowed hackers to access their accounts and drain their wallets. Blockchain security firm SlowMist identified similarities between the incidents, noting that a new API key was created after users received SMS alerts from Hong Kong to verify that the account holder was conducting the transactions.

On June 10th, Web3 security group Dilation Effect asserted that attackers exploited a security flaw in OKX, allegedly allowing users to disable Google Authenticator (GA) or SMS verification without triggering the 24-hour withdrawal suspension system for certain activities.

However, the exchange has denied this claim after conducting an investigation, refuting the speculations about a security flaw in its verification system. OKX stated, “This incident is not related to the choice of Google Authenticator or SMS verification.” Instead, they suggested that the breach might have occurred because malicious actors forged OKX users’ documents, thus obtaining sensitive information and bypassing identity verification measures.

In a recent X post, OKX mentioned that they have compensated and will continue to compensate affected users. According to a report by Wu Blockchain on June 12th, the two users whose accounts were compromised have received full reimbursement from the exchange. To prevent future incidents, OKX announced that it will mandate the use of Google Authenticator for all transactions.

Exclusive: Two users whose OKX accounts were stolen have received full compensation from OKX. The suspected cause was the hijacking of their SMS and email. OKX has decided to add mandatory Google Authenticator in the future to avoid similar incidents from happening again. https://t.co/MmRSLXohBt

— Wu Blockchain (@WuBlockchain) June 12, 2024

The exact number of users whose identities were stolen and accounts drained has not yet been disclosed by OKX. However, the amount of money involved appears substantial. Recently, a hacker breached the account of Crypto Lala, the operations manager of the Singapore-based market maker QuantMatter, and stole $11.6 million from the wallet.

This theft occurred on May 30, 2024, according to the post. Despite the account being secured with offline Google Authenticator (GA), the cause of the hack remains unclear and requires further investigation.

The hacker added whitelisted addresses and converted the stolen funds into BTC, ETH, USDC, and USDT. Subsequently, the hacker transferred all the funds to an on-chain wallet address. Currently, the money remains in that wallet without any signs of movement.

Exclusive: Singapore market maker QuantMatter claims that $11.6 million of its OKX institutional account was suddenly stolen on May 30. The account was set up with an offline Google Authenticator. The cause of the hack is currently unknown and further investigation is needed.…

— Wu Blockchain (@WuBlockchain) June 13, 2024

“The hacker had full access to my account. They converted everything to ETH and withdrew all my funds within 25 minutes. I noticed this through one of my sub-accounts. When I checked my main account, all the money had been stolen,” the post revealed.

Speculations suggest that the hacker may have used offline GA verification to steal the funds, indicating that the GA information of the market maker was compromised.

The true cause of the incident, the estimated number of affected users, and the extent of the damages remain unclear. However, this incident serves as a wake-up call for the security systems of centralized exchanges utilizing Google Authenticator. It highlights the need for stricter security measures to better protect users in the Web3 space.