On June 12, OKX, a cryptocurrency exchange, confirmed on its Chinese X account that a data breach led to the theft of user assets.
Statement on the recent security incidents affecting individual customer accounts
1. The cases of all users affected by this incident have been, or will shortly be, satisfactorily resolved;
2. This incident is unrelated to the choice between Google Authenticator and SMS verification, but #OKX does recommend that users who are able to do so use Google Authenticator;
3.…— OKX中文 (@okxchinese) June 12, 2024
Previously, on June 10, two OKX users reported a security flaw on social media, blaming it for allowing hackers to access their accounts and empty their wallets. Blockchain security firm SlowMist identified similarities between the two incidents, noting that a new API key was created after users received a risk alert SMS from Hong Kong to verify account activity.
On June 10, Web3 security group Dilation Effect claimed that attackers exploited a security vulnerability in OKX. This flaw allegedly allowed users to disable Google Authenticator (GA) or SMS verification without triggering the 24-hour withdrawal suspension in certain activities.
However, after an investigation, OKX denied these claims, rejecting the notion of a security flaw in its verification system. OKX stated, “This incident has nothing to do with choosing Google Authenticator or SMS verification.” Instead, the issue might have been due to attackers using fake documents to obtain sensitive user information and bypass identity verification.
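The control at issue above is a withdrawal hold that starts when account security settings change (the "24-hour withdrawal suspension"), and the alleged weakness was that some paths for disabling GA or SMS verification did not start it. The following is an added illustration, not OKX's code or policy: a minimal hold engine in which every security-sensitive event (2FA disabled or changed, new API key created) extends a 24-hour hold regardless of which channel approved the change, and a newly whitelisted destination cannot receive funds until it too has aged 24 hours. Account ids, addresses and timestamps are constructed for the example.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

HOLD = timedelta(hours=24)

# Events that start or extend a withdrawal hold. This set is an assumed
# policy for the example; it is not a list of OKX's actual triggers.
HOLD_EVENTS = {"2fa_disabled", "2fa_method_changed", "api_key_created", "password_reset"}


@dataclass
class Account:
    account_id: str
    hold_until: datetime | None = None
    whitelist: dict[str, datetime] = field(default_factory=dict)  # address -> time added
    audit: list[str] = field(default_factory=list)


class WithdrawalPolicy:
    """Tracks security-sensitive events per account and decides withdrawals."""

    def __init__(self, hold: timedelta = HOLD) -> None:
        self.hold = hold
        self.accounts: dict[str, Account] = {}

    def account(self, account_id: str) -> Account:
        return self.accounts.setdefault(account_id, Account(account_id))

    def record_event(self, account_id: str, event: str, at: datetime, detail: str = "") -> datetime | None:
        """Log the event; hold events extend the hold, whitelist adds are timestamped."""
        acct = self.account(account_id)
        acct.audit.append(f"{at.isoformat()} {event} {detail}".rstrip())
        if event in HOLD_EVENTS:
            # The hold is keyed on the event itself, not on how it was
            # authorised (GA, SMS or API), so no approval path skips it.
            acct.hold_until = max(acct.hold_until or at, at + self.hold)
        elif event == "whitelist_added":
            acct.whitelist[detail] = at
        return acct.hold_until

    def check_withdrawal(self, account_id: str, to_address: str, at: datetime) -> tuple[bool, str]:
        """Return (allowed, reason). Denies during a hold, to unknown or too-new addresses."""
        acct = self.account(account_id)
        if acct.hold_until is not None and at < acct.hold_until:
            return (False, f"account hold until {acct.hold_until.isoformat()}")
        added = acct.whitelist.get(to_address)
        if added is None:
            return (False, "destination not whitelisted")
        if at - added < self.hold:
            return (False, "destination whitelisted less than 24h ago")
        return (True, "ok")


def run_constructed_scenario() -> dict[str, tuple[bool, str]]:
    """Constructed timeline: new API key, then a fresh whitelist entry, then withdrawals."""
    policy = WithdrawalPolicy()
    t0 = datetime(2024, 6, 10, 9, 0, tzinfo=timezone.utc)  # constructed timestamp
    acct = "acct-demo"  # constructed account id
    policy.record_event(acct, "api_key_created", t0, "approved via SMS-verified session")
    policy.record_event(acct, "whitelist_added", t0 + timedelta(hours=1), "addr-constructed-1")
    return {
        # 2h after the key was created: still inside the 24h hold
        "during_hold": policy.check_withdrawal(acct, "addr-constructed-1", t0 + timedelta(hours=2)),
        # 26h later: hold expired and the address has aged past 24h
        "after_hold": policy.check_withdrawal(acct, "addr-constructed-1", t0 + timedelta(hours=26)),
        # an address never whitelisted is refused even with no hold
        "unknown_destination": policy.check_withdrawal(acct, "addr-constructed-2", t0 + timedelta(hours=26)),
    }


if __name__ == "__main__":
    for name, decision in run_constructed_scenario().items():
        print(f"{name}: {decision}")
```

The point of keying the hold on the event rather than on the approval channel is that a stolen SMS or email session, or a freshly created API key, still has to wait out the window, which gives the legitimate owner time to see the risk alert and react.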
In its latest X post, OKX added that it has compensated and will continue to compensate affected users. According to a June 12 report by Wu Blockchain, the two compromised users received full compensation from the exchange. To prevent future incidents, OKX announced it will require users to use Google Authenticator for transactions.
Exclusive: Two users whose OKX accounts were stolen have received full compensation from OKX. The suspected cause was the hijacking of their SMS and email. OKX has decided to add mandatory Google Authenticator in the future to avoid similar incidents from happening again. https://t.co/MmRSLXohBt
— Wu Blockchain (@WuBlockchain) June 12, 2024
OKX has not yet disclosed the number of users affected by identity theft and wallet-draining. However, the amount stolen is likely substantial. Recently, a hacker breached the account of Crypto Lala, the operations manager at Singapore-based market maker QuantMatter, and stole $11.6 million from their wallet.
Exclusive: Singapore market maker QuantMatter claims that $11.6 million of its OKX institutional account was suddenly stolen on May 30. The account was set up with an offline Google Authenticator. The cause of the hack is currently unknown and further investigation is needed.…
— Wu Blockchain (@WuBlockchain) June 13, 2024
According to the post, this amount was unexpectedly stolen on May 30, 2024. The account was secured with offline Google Authenticator (GA), and the cause of the hack is currently unknown and requires further investigation.
The hacker added whitelist addresses and converted the stolen funds into BTC, ETH, USDC, and USDT. The entire amount was then transferred to an on-chain wallet address. As of now, the funds remain in that wallet without any movement.
Many speculate that the hacker used offline GA verification to steal the funds and that the market maker’s GA information was compromised.
The true cause of the incident, the estimated number of affected users, and the extent of the damage in the OKX breach remain unclear. However, this incident serves as a wake-up call for centralized exchanges to implement stricter security measures around Google Authenticator in order to better protect users in the Web3 space.