Many OKX Users Lose Funds Due to Identity Theft

The incident involving OKX users losing assets due to a two-factor authentication (2FA) security vulnerability has revealed new developments.

Azcnews Many Okx Users Lose Funds Due To Identity Theft

According to a post on its Chinese X account on June 12th, the cryptocurrency exchange OKX confirmed a data breach that resulted in the theft of user assets. “The issue is currently under investigation by the authorities, and we cannot provide further details at this time,” the exchange stated in the post.


Earlier, on June 10th, two OKX users reported a security vulnerability on social media, claiming it allowed hackers to access their accounts and drain their wallets. Blockchain security firm SlowMist identified similarities between the incidents, noting that a new API key was created after users received SMS alerts from Hong Kong to verify that the account holder was conducting the transactions.

On June 10th, Web3 security group Dilation Effect asserted that attackers exploited a security flaw in OKX, allegedly allowing users to disable Google Authenticator (GA) or SMS verification without triggering the 24-hour withdrawal suspension system for certain activities.

However, the exchange has denied this claim after conducting an investigation, refuting the speculations about a security flaw in its verification system. OKX stated, “This incident is not related to the choice of Google Authenticator or SMS verification.” Instead, they suggested that the breach might have occurred because malicious actors forged OKX users’ documents, thus obtaining sensitive information and bypassing identity verification measures.

In a recent X post, OKX mentioned that they have compensated and will continue to compensate affected users. According to a report by Wu Blockchain on June 12th, the two users whose accounts were compromised have received full reimbursement from the exchange. To prevent future incidents, OKX announced that it will mandate the use of Google Authenticator for all transactions.


The exact number of users whose identities were stolen and accounts drained has not yet been disclosed by OKX. However, the amount of money involved appears substantial. Recently, a hacker breached the account of Crypto Lala, the operations manager of the Singapore-based market maker QuantMatter, and stole $11.6 million from the wallet.

This theft occurred on May 30, 2024, according to the post. Despite the account being secured with offline Google Authenticator (GA), the cause of the hack remains unclear and requires further investigation.

The hacker added whitelisted addresses and converted the stolen funds into BTC, ETH, USDC, and USDT. Subsequently, the hacker transferred all the funds to an on-chain wallet address. Currently, the money remains in that wallet without any signs of movement.


“The hacker had full access to my account. They converted everything to ETH and withdrew all my funds within 25 minutes. I noticed this through one of my sub-accounts. When I checked my main account, all the money had been stolen,” the post revealed.

Speculations suggest that the hacker may have used offline GA verification to steal the funds, indicating that the GA information of the market maker was compromised.

The true cause of the incident, the estimated number of affected users, and the extent of the damages remain unclear. However, this incident serves as a wake-up call for the security systems of centralized exchanges utilizing Google Authenticator. It highlights the need for stricter security measures to better protect users in the Web3 space.

1.1/5

(88 votes)
  1. Avatar of
    Anonymous

    Wow

    • Avatar of Ali
      Ali

      نوش جان هکر.این صرافی و همه صرافی‌هایی که به ناحق مردم مظلوم ایران را از حقشان محروم کرده یا می‌کنند به دلیل نقض عدالت از عذاب خداوند نمی‌توانند فرار کنند و به این طريق تابان سختی را میدهند

  2. Avatar of
    Anonymous

    okx监守自盗啊,还在这糊弄人呢

Comments are closed.

Latest

Azcnews Breaking Zklend Loses $4.9m In Starknet Exploit

News | Editor Choice | Policy & Regulations

zkLend Loses $4.9M in Starknet Exploit, Offers Hacker 10% Bounty for Return of Funds

Decentralized lending protocol zkLend has fallen victim to a $4.9 million exploit on the Starknet network, marking a resurgence in crypto-related hacks after a decline in January.

Azcnews Breaking Us And Uk Refuse To Sign International Agreement On Ethical Ai

News | AI | Editor Choice

US and UK Refuse to Sign International Agreement on Ethical AI

The US and UK declined to sign an international AI agreement, citing concerns over excessive regulation, while the summit emphasized ethical AI development, innovation, and global cooperation.

Azcnews Breaking Bitcoin’s Price Fluctuation And The Role Of Otc Transactio

News | Bitcoin | Editor Choice

Bitcoin’s Price Fluctuation and the Role of OTC Transactions

Bitcoin briefly dropped to $94,900 last night before recovering slightly. While market sentiment and institutional strategies often dominate discussions on Bitcoin’s volatility, the impact of over-the-counter (OTC) transactions remains an overlooked but crucial factor.

Azcnews Breaking Bnb Chain’s Four.meme Suffers $183k Exploit In Security Breach

News | Editor Choice | Memecoin

BNB Chain’s Four.Meme Suffers $183K Exploit in Security Breach

The memecoin launch platform has temporarily suspended the creation of new liquidity pools as it works to resolve a recent exploit.

Azcnews Breaking Litecoin Etf Has A 90% Chance Of Sec Approval

News | Altcoin | Editor Choice | Policy & Regulations

Litecoin ETF Has a 90% Chance of SEC Approval

Bloomberg ETF analysts suggest that Litecoin's regulatory filings have been acknowledged, indicating that the SEC likely classifies it as a commodity.